Commit 0640479

Merge pull request #97316 from memildin/asc-melvyn-daily
Additional section for the continuous export page
2 parents c365bbe + a464454 commit 0640479

3 files changed

+24
-1
lines changed

articles/security-center/continuous-export.md

Lines changed: 24 additions & 1 deletion
@@ -12,7 +12,7 @@ ms.author: memildin
1212
---
1313
# Export security alerts and recommendations (Preview)
1414

15-
Azure Security Center generates detailed security alerts and recommendations. You can view these in the portal or through programmatic tools. You may also need to export this information or send it to other monitoring tools in your environment.
15+
Azure Security Center generates detailed security alerts and recommendations. You can view them in the portal or through programmatic tools. You may also need to export this information or send it to other monitoring tools in your environment.
1616

1717
This article describes the set of (preview) tools that allow you to export alerts and recommendations either manually or in an ongoing, continuous fashion.
1818

@@ -70,6 +70,29 @@ Security alerts and recommendations are stored in the *SecurityAlert* and *Secur
7070

7171
![The *SecurityAlert* table in Log Analytics](./media/continuous-export/log-analytics-securityalert-solution.png)
7272

73+
### View exported security alerts and recommendations in Azure Monitor
74+
75+
In some cases, you may choose to view the exported Security Alerts and/or recommendations in [Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/platform/alerts-overview).
76+
77+
Azure Monitor provides a unified alerting experience for a variety of Azure alerts including Diagnostic Log, Metric alerts, and custom alerts based on Log Analytics workspace queries.
78+
79+
To view alerts and recommendations from Security Center in Azure Monitor, configure an Alert rule based on Log Analytics queries (Log Alert):
80+
81+
1. From Azure Monitor's **Alerts** page, click **New alert rule**.
82+
83+
![Azure Monitor's alerts page](./media/continuous-export/azure-monitor-alerts.png)
84+
85+
1. In the create rule page, configure your new rule (in the same way you'd configure a [log alert rule in Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/platform/alerts-unified-log):
86+
87+
* For **Resource**, select the Log Analytics workspace to which you exported security alerts and recommendations.
88+
89+
* For **Condition**, select **Custom log search**. In the page that appears, configure the query, lookback period, and frequency period. In the search query, you can type *SecurityAlert* or *SecurityRecommendation* to query the data types that Security Center continuously exports to as you enable the Continuous export to Log Analytics feature.
90+
91+
* Optionally, configure the [Action Group](https://docs.microsoft.com/azure/azure-monitor/platform/action-groups) that you'd like to trigger. Action groups can trigger email sending, ITSM tickets, WebHooks, and more.
92+
![Azure Monitor alert rule](./media/continuous-export/azure-monitor-alert-rule.png)
93+
94+
You'll now see new Azure Security Center alerts or recommendations (depending on your configuration) in Azure Monitor alerts, with automatic triggering of an action group (if provided).
95+
7396
## Manual one-time export of security alerts
7497

7598
To download a CSV report for alerts or recommendations, open the **Security alerts** or **Recommendations** page and click **Download CSV report (Preview)** button.
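
Review bot: The parenthesis opened in step 2 ("In the create rule page, configure your new rule (in the same way you'd configure a [log alert rule in Azure Monitor](...)") is never closed before the trailing colon; add ")" after the link so the sentence reads "...(in the same way you'd configure a log alert rule in Azure Monitor):". In the **Condition** bullet, "query the data types that Security Center continuously exports to as you enable the Continuous export to Log Analytics feature" is hard to parse; something like "query the data types that Security Center exports once continuous export to Log Analytics is enabled" would be clearer. The second image (azure-monitor-alert-rule.png) follows the **Action Group** bullet with no blank line between them, unlike the first image after step 1, so it is worth checking in a rendered preview that it displays as a separate block under step 2. Capitalization is also inconsistent within the new section ("Security Alerts" in the first paragraph versus "security alerts" in the heading and the **Resource** bullet, and "Alert rule" versus "alert rule").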