Last week I had the opportunity to attend Microsoft Inspire and Ready in Las Vegas. It was great to meet Microsoft Partners at the Azure Security booth, where I was primarily demoing Azure Security Center. Below are the top five questions I received:
1) Where can my customers learn more about Azure Security Center and perhaps do a hands-on lab to experience the platform?
Our team put together a readiness roadmap to help you learn more about Azure Security Center; there you will find articles, videos and links to hands-on labs. Go to https://aka.ms/ascreadiness for more info.
2) Does Azure Security Center support Linux?
Yes. See the Supported platforms in Azure Security Center article for details on which Linux distributions are supported.
3) I used this Azure Security Center alert simulation, but I noticed that it is only for Windows. Do we have one for Linux?
No. We currently don't have one because Linux detection is still in private preview. Once it reaches public preview we should have one. For more info, read this blog post.
4) Can I send an email every time I receive an alert?
Yes, but it is not triggered automatically. You can use the Security Playbook feature in ASC to send an email in response to an alert, but you need to run that playbook manually from the alert.
Microsoft Ready (which is for Microsoft employees (MSFTE) only) was also great. I had an awesome time delivering the Azure Security Center Hands-On-Lab with Kelly Anderson, and on Friday Ben Nick, Ajeet Prakash and I delivered the last session of the event.
Some of the public resources we shared in this session include:
- Azure Security Center Alert Simulation https://aka.ms/ASCSecPlaybook
- Log Analytics query documentation https://docs.loganalytics.io/index
- Query repositories: WDATP / Log Analytics GitHub https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries