Azure Security Center - Continuous Export is now GA!

%3CLINGO-SUB%20id%3D%22lingo-sub-1252299%22%20slang%3D%22en-US%22%3EAzure%20Security%20Center%20-%20Continuous%20Export%20is%20now%20GA!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1252299%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EWe%20are%20very%20excited%20to%20share%20that%20%3CSTRONG%3E%E2%80%98ASC%20continuous%20export%E2%80%99%3C%2FSTRONG%3E%20is%20now%20generally%20available%20for%20all%20ASC%20customers!%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSTRONG%3E%E2%80%98ASC%20continuous%20export%E2%80%99%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CSPAN%3E%20allows%20for%20ASC%20alerts%20and%20recommendations%20to%20be%20consumed%20by%20a%20large%20variety%20of%20products%2C%20in%20addition%20to%20Azure%20portal%20and%20API.%20This%20new%20capability%20enables%20customers%20to%20leverage%20ASC%20for%20enterprise%20level%20scenarios.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22text-decoration%3A%20line-through%3B%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EAny%20customer%20can%20now%20stream%20alerts%20%5C%20recommendations%20to%20multiple%20export%20targets%20such%20as%20%3CSTRONG%3EAzure%20Event%20Hubs%3C%2FSTRONG%3E%20or%20%3CSTRONG%3EAzure%3C%2FSTRONG%3E%20%3CSTRONG%3ELog%20Analytics%20workspaces%3C%2FSTRONG%3E%2C%20which%20in%20turn%20enable%20integrations%20with%203rd%20party%20SIEMs%2C%203rd%20party%20solutions%20in%20real-time%2C%20Azure%20Data%20Explorer%2C%20custom%20Power%20BI%20dashboards%20and%20Azure%20Monitor%20alerts.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSTRONG%3EHow%20is%20it%20configured%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CSPAN%3E%3CSTRONG%3E%3F%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EIn%20the%20Azure%20portal%2C%20under%20%E2%80%9CSecurity%20Center%20-%26gt%3B%20Pricing%20and%20settings%E2%80%9D%20customers%20are%20offered%20to%20configure%20continuous%20export%20for%20their%20subscription.%20They%20can%20choose%20the%20target%20of%20the%20export%2C%20as%20well%20as%20filter%20exported%20data%20by%20severity.%20More%20advanced%20filtering%20capabilities%20are%20available%20via%20%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Frest%252Fapi%252Fsecuritycenter%252Fautomations%26amp%3Bdata%3D02%257C01%257Ccrmuno%2540microsoft.com%257C40eae9ba9ffe4027422408d7d0c5dd3a%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637207421193949256%26amp%3Bsdata%3Ds9PyWBiKJr8qHLnUnyxquMc8Mf3WpdBL6dYURDctAf8%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EREST%20API%3C%2FA%3E%20or%20ARM%20Deployment.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CDIV%20id%3D%22tinyMceEditorCristhofer%20Munoz_0%22%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22export.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F179387i0594AB9EF637FD3A%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22export.png%22%20alt%3D%22export.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EWe%20are%20continuously%20monitoring%20feedback%20to%20improve%20the%20experience.%20We%20would%20love%20to%20hear%20your%20feedback!%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EOfficial%20documentation%20and%20examples%20can%20be%20found%20%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fazure%252Fsecurity-center%252Fcontinuous-export%26amp%3Bdata%3D02%257C01%257Ccrmuno%2540microsoft.com%257C40eae9ba9ffe4027422408d7d0c5dd3a%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637207421193959253%26amp%3Bsdata%3DkJb0Gm%252FLGuCrd7yoyMBZbXZCpD0LSjzJK%252FTfA7fSVBA%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%3CSPAN%3Ehere%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%3E.%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1252299%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%20Center%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

We are very excited to share that ‘ASC continuous export’ is now generally available for all ASC customers! 

 

‘ASC continuous export’ allows for ASC alerts and recommendations to be consumed by a large variety of products, in addition to Azure portal and API. This new capability enables customers to leverage ASC for enterprise level scenarios.

 

Any customer can now stream alerts \ recommendations to multiple export targets such as Azure Event Hubs or Azure Log Analytics workspaces, which in turn enable integrations with 3rd party SIEMs, 3rd party solutions in real-time, Azure Data Explorer, custom Power BI dashboards and Azure Monitor alerts.

 

How is it configured?

In the Azure portal, under “Security Center -> Pricing and settings” customers are offered to configure continuous export for their subscription. They can choose the target of the export, as well as filter exported data by severity. More advanced filtering capabilities are available via REST API or ARM Deployment.

 

export.png

 

 

 

We are continuously monitoring feedback to improve the experience. We would love to hear your feedback!

Official documentation and examples can be found here. 

0 Replies