Email Notification for alerts triggered by ATP for Azure Storage, SQL ATP and Azure Security Center
Published May 20 2019 10:57 AM 8,688 Views
Microsoft

In Azure Security Center, you have an option to configure Email Notification to receive alerts, as shown below:

 

Fig1.PNG

In ASC, an email notification is sent on the first daily occurrence of an alert and only for high severity alerts, as fully documented in this article. In summary, ASC alert email notifications are sent under the following circumstances:

  • Only for high severity alerts
  • To a single email recipient per alert type per day
  • No more than 3 email messages are sent to a single recipient in a single day
  • Each email message contains a single alert, not an aggregation of alerts

When you enable the SQL Servers and Storage accounts resource types under the Pricing Tier in Security Center, the SQL ATP and ATP for Azure Storage capabilities are enabled for that subscription.

 

Fig2.PNG

At that point, when SQL ATP or ATP for Azure Storage detects malicious activity, it triggers an alert, and that alert appears in the Security Center security alerts dashboard. However, SQL ATP and ATP for Azure Storage have their own email notification flow, which is currently not integrated with Security Center. This means that you may receive email notifications for medium severity alerts triggered by SQL ATP or ATP for Azure Storage, like the one below:

 

Fig3.PNG

 

The email address that ATP for Azure Storage uses to send those alerts is the email address configured in the Azure account profile. For more information about how to change this email address, read this article. The email address that SQL ATP uses is configured under the Database or Server setting, as shown below:

 

Fig4.PNG

 

In summary, when you enable these two new resources in ASC, you will have three locations for email notifications:

  • ASC dashboard: for alerts triggered by ASC threat detection engine
  • SQL Advanced Data Security blade: for alerts triggered by SQL ATP
  • Azure account information: for alerts triggered by ATP for Azure Storage
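
The notification behavior summarized above can be modeled to see which alerts never reach an inbox and where each email's recipient is configured. This is an added example, not code from the original post or from Microsoft; the alert tuples, the placeholder alert types and the `plan_emails` function are constructed for illustration, and SQL ATP and ATP for Azure Storage alerts are assumed to always produce an email because the post does not describe their throttling.

```python
from collections import defaultdict

# Where each source's email recipient is configured, per the summary above.
NOTIFY_LOCATION = {
    "ASC": "ASC dashboard",
    "SQL_ATP": "SQL Advanced Data Security blade",
    "STORAGE_ATP": "Azure account information",
}
ASC_DAILY_CAP = 3  # max ASC emails to one recipient per day

def plan_emails(alerts):
    """Split (id, source, type, severity, time) alerts into (emailed, silent)."""
    seen = set()             # (day, alert type) already emailed by ASC
    sent = defaultdict(int)  # day -> ASC emails sent so far
    emailed, silent = [], []
    for aid, source, kind, severity, time in sorted(alerts, key=lambda a: a[4]):
        day = time[:10]
        if source != "ASC":
            # Separate flow: ASC rules do not apply (assumption: always emailed).
            emailed.append((aid, NOTIFY_LOCATION[source]))
        elif severity != "High":
            silent.append((aid, "not high severity"))
        elif (day, kind) in seen:
            silent.append((aid, "alert type already emailed today"))
        elif sent[day] >= ASC_DAILY_CAP:
            silent.append((aid, "daily cap reached"))
        else:
            seen.add((day, kind))
            sent[day] += 1
            emailed.append((aid, NOTIFY_LOCATION["ASC"]))
    return emailed, silent

# Constructed sample alerts; types are placeholders, not real alert names.
SAMPLE = [
    (1, "ASC", "type-A", "High", "2019-05-20T01:00"),
    (2, "ASC", "type-A", "High", "2019-05-20T02:00"),
    (3, "ASC", "type-B", "Medium", "2019-05-20T03:00"),
    (4, "ASC", "type-B", "High", "2019-05-20T04:00"),
    (5, "ASC", "type-C", "High", "2019-05-20T05:00"),
    (6, "ASC", "type-D", "High", "2019-05-20T06:00"),
    (7, "SQL_ATP", "type-E", "Medium", "2019-05-20T07:00"),
    (8, "STORAGE_ATP", "type-F", "Medium", "2019-05-20T08:00"),
    (9, "ASC", "type-A", "High", "2019-05-21T01:00"),
]

if __name__ == "__main__":
    for group in plan_emails(SAMPLE):
        print(group)
```

Every alert in the silent list still appears in the Security Center dashboard, so email should be treated as a partial signal rather than the full alert feed.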

 

Last update: May 20 2019 10:58 AM