Manage Security Alerts In Azure Security Center

INTRODUCTION

 
This article explains how to view and process Security Center alerts and protect your resources.
 
Advanced detections that trigger security alerts are only available with Azure Defender. A free trial is available. Azure Security refers to security tools and capabilities available on Microsoft’s Azure cloud platform.
 

AZURE SECURITY CENTER

 
Azure Security Center is a unified security management system offered by Microsoft to Azure customers. Some Azure Security Center benefits are:
  • Providing visibility and control over the security of Azure resources (like Virtual Machines, Cloud Services, Azure Virtual Networks, and Blob Storage).
  • Strengthening security posture.
  • Protecting hybrid workloads deployed in Azure.
  • Detecting and blocking cybersecurity threats.

HOW AZURE SECURITY WORKS

 
Microsoft Azure Security infrastructure operates under a shared security responsibility model.
  • In IaaS (infrastructure as a service), Azure takes over physical security (hosts, networks, and datacenter).
  • In PaaS (platform as a service), Azure takes over physical security and also the OS.
  • In SaaS (software as a service), Azure takes more responsibilities: physical security, OS, network controls, and application.

AZURE SECURITY BEST PRACTICES

  • Store your keys within the Azure Key Vault. This vault is meant to support passwords, database credentials, and other secrets.
  • Install a web application firewall.
  • Use Azure MFA (Multi-factor Authentication), especially for admin accounts.
  • Use Azure’s DDoS services to stop and mitigate DDoS (distributed denial of service) attacks.
SECURITY ALERTS
 
Security Center collects, analyzes, and integrates log data from the network and from firewall and endpoint protection solutions, which helps to detect real threats and reduce false positives.
 
MANAGE SECURITY ALERTS
 
Sign in to the Azure portal (with your Azure subscription). From the Azure portal menu, open the Security Center's overview page. Then select the Security alerts tile at the top of the page.
 
 
Then, open the security alerts map (Preview).
 
 
View the security alerts page.
 
 
To filter the alerts list, select any of the relevant filters as needed. Filtering is often very helpful.
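The same filtering can be applied to an exported alert list outside the portal. The following is an added example, not part of the original article or of any Microsoft tooling; the alert records are constructed and the field names (severity, status, alertDisplayName, compromisedEntity, timeGeneratedUtc) are assumptions about the export format.

```python
from collections import defaultdict

# Constructed sample alerts; field names are assumed, not taken from the article.
ALERTS = [
    {"alertDisplayName": "Suspicious authentication activity", "severity": "High",
     "status": "Active", "compromisedEntity": "vm-web-01",
     "timeGeneratedUtc": "2021-03-02T10:15:00Z"},
    {"alertDisplayName": "Potential SQL injection", "severity": "Medium",
     "status": "Active", "compromisedEntity": "sql-db-01",
     "timeGeneratedUtc": "2021-03-02T09:00:00Z"},
    {"alertDisplayName": "Access from unusual location", "severity": "Low",
     "status": "Active", "compromisedEntity": "storage-01",
     "timeGeneratedUtc": "2021-03-02T08:30:00Z"},
    {"alertDisplayName": "Antimalware action taken", "severity": "Medium",
     "status": "Dismissed", "compromisedEntity": "vm-web-01",
     "timeGeneratedUtc": "2021-03-01T22:00:00Z"},
    {"alertDisplayName": "Unusual process execution", "severity": "Critical",
     "status": "Active", "compromisedEntity": "vm-web-01",
     "timeGeneratedUtc": "2021-03-02T11:00:00Z"},
]

SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1, "Informational": 0}


def rank(alert):
    # An unrecognised or missing severity is ranked as High so that a
    # schema change surfaces the alert instead of silently hiding it.
    return SEVERITY_RANK.get(alert.get("severity"), SEVERITY_RANK["High"])


def filter_alerts(alerts, min_severity="Medium", statuses=("Active",)):
    """Keep alerts at or above min_severity with a matching status,
    ordered by severity (highest first), then by oldest first."""
    floor = SEVERITY_RANK[min_severity]
    kept = [a for a in alerts
            if rank(a) >= floor and a.get("status") in statuses]
    return sorted(kept, key=lambda a: (-rank(a), a.get("timeGeneratedUtc", "")))


def group_by_resource(alerts):
    """Map each affected resource to the names of its alerts."""
    grouped = defaultdict(list)
    for a in alerts:
        grouped[a.get("compromisedEntity", "unknown")].append(a["alertDisplayName"])
    return dict(grouped)


if __name__ == "__main__":
    for resource, names in group_by_resource(filter_alerts(ALERTS)).items():
        print(resource, "->", ", ".join(names))
```
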
 
 

HOW TO RESPOND TO SECURITY ALERTS

 
From the list on the Security alerts page, select an alert. A pane opens showing an overview of the alert and all of the affected resources. Choose View full details.
 
 
These details help to investigate the issue.
 
 
These details help you to take further action on the security alert.
 
 

SUMMARY

 
This article was about how to manage security alerts in Azure Security Center. In my next article, I will cover the next step of this series.