May 24 2020 02:08 AM
Hi,
I am trying to support one of our customers by monitoring his Security Center alerts.
My question is: can Security Center write alerts into a Log Analytics workspace?
If so, is it the SecurityAlert table that contains the alerts?
The second question is: is Security Center always based on a Log Analytics workspace, as Azure Sentinel is?
May 24 2020 04:04 AM
Hello @DavidSho
Security Center alerts are not integrated with Azure Log Analytics by default. So, you should integrate both to analyze the Security Center alerts from Log Analytics.
The following article will help you set up continuous export of Security Center alerts to Log Analytics and analyze them from there.
https://docs.microsoft.com/en-us/azure/security-center/continuous-export
I hope both of your questions are answered.
Thanks,
Manu