Azure Security Center - Workflow Automation is now GA!

Microsoft

We are very excited to share that ‘ASC Workflow Automation’ is now generally available for all ASC customers! 

 

‘ASC Workflow Automation’ enables customers to trigger Azure Logic Apps workflows on Azure Security Center alerts and recommendations. The feature offers a wide variety of actions that can be triggered automatically on any security event, covering many SOAR (security orchestration, automation and response) scenarios. Example workflows include notifying relevant stakeholders, launching a change management process, applying specific remediation steps, quarantining a compromised machine, and much more.

 

The feature can be centrally managed at scale through the following:

1. New Security Policies, which make it easy for enterprises to comply with whatever SOAR approach they enforce within their enterprise security posture.

2. Template Deployments on Azure Gallery, which ease the creation of common scenarios with ready-to-use templates.

 

How is it configured?

 

In the Azure portal, navigate to the Security Center -> Workflow automation management blade.

To add a new automation, click ‘+ Add workflow automation’ and fill in the relevant details, such as the security event type, filters, and the target logic app to trigger. That’s it!

‘ASC Workflow automation’ will take care of triggering your workflow whenever a recommendation or alert that matches the filter is generated.

More advanced filtering capabilities are available via REST API or ARM Deployment.

 


 

 

What’s Next?

We are looking forward to adding new features such as supporting more security event types, as well as supporting scheduled workflows.

 

Official Documentation

https://docs.microsoft.com/en-us/azure/security-center/workflow-automation 

 

Blog Posts:

· Enable JIT VM Access on Virtual Machine with Workflow Automation

· How to Isolate an Azure VM using ASC’s Workflow Automation

· The adventure of Automating Azure Security Center – Part 1

· Using Azure Security Center API for Workflow Automation

· Send ASC Recommendations to Azure Resource Stakeholders

· Azure – You Can Now Define Automation Workflow on Azure Security Center

 

We would love to hear your feedback! 

 

 

1 Reply

Thank you @Cristhofer Munoz for sharing my blog, much appreciated!

All the best,

-Charbel