Difference between Alerts and Security Alerts; are Security Alerts tied with Security Policies

  • Question

  • Hi everyone,

    I would like to ask what the difference is between Alerts and Security Alerts. Security Center is something my colleague would like me to use in our tenant, and the question I mentioned has been bothering me for a few days already. What exactly are security alerts? Are they alerts that a user cannot configure? Are they pre-built and fired under a circumstance which a user cannot see until the condition actually happens? Or are they just regular alerts and I am just not aware of it?

    Another question is whether those (security) alerts are tied to Security Policies. What do I mean by that? My point is, are they fired when a security policy is violated? Even slightly?

    I know I created only a question, but if it is possible from you guys, I would welcome a deep discussion.

    P.S. Thank you for every answer you give me.
    • Edited by Quiller_ID Thursday, September 26, 2019 8:33 AM
    Thursday, September 26, 2019 8:30 AM

All replies

  • Azure Alerts and Azure Security Alerts are basically used to alert the admins or the responsible user about a threat or an issue so that they can take the corresponding action. This action can be manual or automated.

    Azure Alerts are triggered based on the policies created by the user/admin and are based on metrics, logs, activities, etc. The admin has control over the policies and can decide the thresholds based on their environment.

    Example: You can have an alert generated when the CPU usage of a particular VM reaches 80% and configure it to be sent to the helpdesk team.

    Ref: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-overview

    Azure Security Alerts are generated by the Azure Security Center. These are generated when a resource being monitored by Azure Security Center violates security best practices or experiences suspicious activity.

    The triggers for these alerts are defined by the Microsoft security team and can be applied to on-premises and cloud resources. The admin will not have control over the thresholds. ML algorithms observe the behavior in your environment and trigger these alerts. They will compile the data required to investigate this further and display it in the Security Center dashboard for admins to take action.

    Ref: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#what-are-security-alerts

    Hope this helps.

    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!


    Thursday, September 26, 2019 9:18 AM
    Moderator
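    As an added illustration of the configurable kind of alert the answer above describes (this is example code written for this page, not code from the thread, the Microsoft docs, or any Azure sample), the Bicep template below deploys an Azure Monitor metric alert rule that fires when a VM's average "Percentage CPU" stays above 80% over a five-minute window, and routes it to an action group that e-mails the helpdesk. The parameter names, the resource names `ag-helpdesk` and `vm-cpu-above-80`, and the helpdesk address are assumptions. The contrast with Security Center alerts is visible in the template itself: the threshold, window, severity and recipients are all yours to set, whereas Security Center alert logic is not exposed for this kind of tuning.

```bicep
// Added example: Azure Monitor metric alert on VM CPU, routed to a helpdesk action group.
// Parameter names and resource names are assumptions made for this illustration.
@description('Resource ID of the VM to monitor, e.g. /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Compute/virtualMachines/<name>')
param vmId string

@description('Mailbox that should receive the alert (placeholder value)')
param helpdeskEmail string = 'helpdesk@example.invalid'

// Action group: who gets notified. Metric alerts and action groups are global resources.
resource helpdeskActionGroup 'Microsoft.Insights/actionGroups@2022-06-01' = {
  name: 'ag-helpdesk'
  location: 'global'
  properties: {
    groupShortName: 'helpdesk'   // max 12 characters, shown in notifications
    enabled: true
    emailReceivers: [
      {
        name: 'helpdesk-mailbox'
        emailAddress: helpdeskEmail
        useCommonAlertSchema: true // one payload shape regardless of alert type
      }
    ]
  }
}

// Metric alert rule: the admin-defined threshold the answer refers to.
resource cpuAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = {
  name: 'vm-cpu-above-80'
  location: 'global'
  properties: {
    description: 'Average CPU above 80% for 5 minutes'
    severity: 2                 // 0 (critical) .. 4 (verbose); chosen by the admin
    enabled: true
    scopes: [
      vmId
    ]
    evaluationFrequency: 'PT1M' // how often the rule is evaluated
    windowSize: 'PT5M'          // look-back window aggregated per evaluation
    autoMitigate: true          // resolve the alert automatically when the condition clears
    criteria: {
      'odata.type': 'Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria'
      allOf: [
        {
          name: 'HighCpu'
          criterionType: 'StaticThresholdCriterion'
          metricNamespace: 'Microsoft.Compute/virtualMachines'
          metricName: 'Percentage CPU'
          timeAggregation: 'Average'
          operator: 'GreaterThan'
          threshold: 80
        }
      ]
    }
    actions: [
      {
        actionGroupId: helpdeskActionGroup.id
      }
    ]
  }
}

output alertRuleId string = cpuAlert.id
```

    Deploy it with `az deployment group create --resource-group <rg> --template-file cpu-alert.bicep --parameters vmId=<vm resource id>`. Raising or lowering `threshold`, changing `windowSize`, or swapping the e-mail receiver for a webhook or Logic App is an ordinary template edit, which is exactly the degree of control the thread says you do not get over Security Center's own detections.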
  • Thank you for your answer, it helped.

    I have an additional question. If I were to disable all Azure Security Policies, would it influence the flow of Security Alerts?

    Thursday, September 26, 2019 10:39 AM
  • Yes, disabling policies will affect recommendations and alerts. You will still receive some of the basic alerts unless you assign a policy disabling all checks.


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

    • Marked as answer by Quiller_ID Friday, September 27, 2019 8:18 AM
    Friday, September 27, 2019 6:26 AM
    Moderator
  • Thank you very much for the answer, it really helped.

    I think that's it from my part.

    Friday, September 27, 2019 8:20 AM