none
Mysterious SecurityData ResourceGroup,..

    Question

  • Hi,

    Sorry if this is the wrong forum, was not sure where to put this. 

    For some strange reasons I have recently a mysterious SecurityData Resourcegroup with an BlobStorage popping up in my Azure Account located in EastUS. I had been deleting it, but it seems to resurrect the next day.

    My first impression was that my account had been hacked, but I am not so sure about this as I use MFA and changed my password recently. It is filled with a lot of strange named Table/Blobs.

    Has anyone any idea what this is?

    THnx

     Andreas

    Wednesday, November 16, 2016 9:02 AM

Answers

  • Hi Andreas,

    SecurityData Resourcegroup is used to store your security data for Azure Security Center service.

    When you opt-in into Azure Security Center, we provision data pipe to collect your security events to provide security recommendations and detections.

    This pipe is consist out of storage account to store data and security data collection agent as VM extension to collect data.

    If you wish to opt-out from Azure Security Center service, you can select under policy “data collection as OFF”

    Thx,

    Eli (Principle Eng Manager @ Microsoft)

    • Marked as answer by Andreas Pollak Tuesday, December 20, 2016 2:23 PM
    Tuesday, December 20, 2016 11:48 AM

All replies

  • Hi Andreas,

    SecurityData Resourcegroup is used to store your security data for Azure Security Center service.

    When you opt-in into Azure Security Center, we provision data pipe to collect your security events to provide security recommendations and detections.

    This pipe is consist out of storage account to store data and security data collection agent as VM extension to collect data.

    If you wish to opt-out from Azure Security Center service, you can select under policy “data collection as OFF”

    Thx,

    Eli (Principle Eng Manager @ Microsoft)

    • Marked as answer by Andreas Pollak Tuesday, December 20, 2016 2:23 PM
    Tuesday, December 20, 2016 11:48 AM
  • Securitydata resource group is automatically created along with a storage account to storage data collected from Azure resources which are monitored and recommended in Azure Security Center service. Unfortunately Microsoft makes a scary resource group name which make people feel unsafe

    Microsoft should change the name to be more meaningful, for example azuresecuritycenter-data. Such a name will never make people feel unsafe when they manage Azure. If the environment is large then there would be an audit action plan to check through the entirely Azure subscription which would take time and effort.

    I just wrote a little here to clarify securitydata resource group http://thuansoldier.net/?p=4985


    Thuan Soldier


    Monday, April 17, 2017 9:40 AM