Using Azure Activity Log to query security alerts originated by Azure Security Center


By now you know that you can use the Azure Security Center dashboard to visualize Security Alerts, and that you can also use Log Analytics to query them. Recently we also added the capability to visualize Security Alerts originated by Security Center from the Azure Activity Log. In the example below I'm going to search for security alerts that contain the keyword "Brute Force":

The first part of the Activity Log query is a fairly generic selection:

The second part of the Activity Log query has the keyword that I want to use for this search:

After filling in the necessary fields, click Apply and you will get a list of entries that represent potential alerts. Notice that these alerts will not appear in the kind of diagram that Security Center shows; each entry looks more like an informational event than a high-priority alert:

Click an entry to see more details. In the Summary tab you get the same explanation that appears in the Alert Description in Security Center. The only difference is that the Security Center dashboard shows more details, including remediation steps:

If you click the JSON tab, you will see something similar to this:
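The same keyword filter expressed as code, as an added example that is not part of the original post: it walks Activity Log events in the shape the JSON tab shows and keeps only Security-category entries whose description or operation name matches the keyword. The sample events are constructed, and the operation name used for Security Center alerts is an assumption.

```python
# Added example (not from the original post): filter Activity Log events, in the
# shape shown on the JSON tab, down to Security Center alerts matching a keyword.
# The events below are constructed; field names follow the Activity Log event
# schema, and the operation name for Security Center alerts is an assumption.

SAMPLE_EVENTS = [
    {
        "eventTimestamp": "2018-03-05T14:02:11Z",
        "operationName": {"value": "Microsoft.Security/locations/alerts/activate/action",
                          "localizedValue": "Activate alert"},
        "category": {"value": "Security", "localizedValue": "Security"},
        "level": "Informational",  # Activity Log level, not the alert's severity
        "description": "Failed RDP Brute Force attack was detected on this VM.",
        "resourceId": "/subscriptions/<sub-id>/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm1",
    },
    {
        "eventTimestamp": "2018-03-05T15:10:42Z",
        "operationName": "Microsoft.Security/locations/alerts/activate/action",
        "category": "Security",
        "level": "Informational",
        "description": "Suspicious process executed on this VM.",
        "resourceId": "/subscriptions/<sub-id>/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm2",
    },
    {   # Azure Monitor alert rule firing: same words, not a Security Center alert
        "eventTimestamp": "2018-03-05T15:11:00Z",
        "operationName": "Microsoft.Insights/AlertRules/Activated/Action",
        "category": "Alert",
        "level": "Informational",
        "description": "Alert rule 'brute force watch' activated.",
        "resourceId": "/subscriptions/<sub-id>/resourceGroups/rg1/providers/Microsoft.Insights/alertRules/bf-watch",
    },
]


def _raw(field):
    """operationName/category may arrive as a string or as {"value", "localizedValue"}."""
    return field.get("value", "") if isinstance(field, dict) else (field or "")


def find_security_alerts(events, keyword):
    """Return Security-category events whose description or operation name contains
    keyword (case-insensitive); the category check keeps out Azure Monitor 'Alert' entries."""
    kw = keyword.lower()
    hits = []
    for ev in events:
        if _raw(ev.get("category")).lower() != "security":
            continue
        text = f"{ev.get('description') or ''} {_raw(ev.get('operationName'))}"
        if kw in text.lower():
            hits.append({"time": ev.get("eventTimestamp"), "resource": ev.get("resourceId"),
                         "level": ev.get("level"), "description": ev.get("description")})
    return hits
```

Note that the `level` field comes back as Informational for every hit: the Activity Log level is not the Security Center severity, so triage still belongs in the Security Center dashboard.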

Well, now you know one more way to visualize Security Alerts. For more information about Security Alerts, read:
