articles/security-center/continuous-export.md
+24 -1 (24 additions & 1 deletion)
@@ -12,7 +12,7 @@ ms.author: memildin
12
12
---
13
13
# Export security alerts and recommendations (Preview)
14
14
15
-
Azure Security Center generates detailed security alerts and recommendations. You can view these in the portal or through programmatic tools. You may also need to export this information or send it to other monitoring tools in your environment.
15
+
Azure Security Center generates detailed security alerts and recommendations. You can view them in the portal or through programmatic tools. You may also need to export this information or send it to other monitoring tools in your environment.
16
16
17
17
This article describes the set of (preview) tools that allow you to export alerts and recommendations either manually or in an ongoing, continuous fashion.
18
18
@@ -70,6 +70,29 @@ Security alerts and recommendations are stored in the *SecurityAlert* and *Secur
70
70
71
71

72
72
73
+
### View exported security alerts and recommendations in Azure Monitor
74
+
75
+
In some cases, you may choose to view the exported Security Alerts and/or recommendations in [Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/platform/alerts-overview).
76
+
77
+
Azure Monitor provides a unified alerting experience for a variety of Azure alerts including Diagnostic Log, Metric alerts, and custom alerts based on Log Analytics workspace queries.
78
+
79
+
To view alerts and recommendations from Security Center in Azure Monitor, configure an Alert rule based on Log Analytics queries (Log Alert):
80
+
81
+
1. From Azure Monitor's **Alerts** page, click **New alert rule**.
1. In the create rule page, configure your new rule (in the same way you'd configure a [log alert rule in Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/platform/alerts-unified-log):
86
+
87
+
* For **Resource**, select the Log Analytics workspace to which you exported security alerts and recommendations.
88
+
89
+
* For **Condition**, select **Custom log search**. In the page that appears, configure the query, lookback period, and frequency period. In the search query, you can type *SecurityAlert* or *SecurityRecommendation* to query the data types that Security Center continuously exports to as you enable the Continuous export to Log Analytics feature.
90
+
91
+
* Optionally, configure the [Action Group](https://docs.microsoft.com/azure/azure-monitor/platform/action-groups) that you'd like to trigger. Action groups can trigger email sending, ITSM tickets, WebHooks, and more.
You'll now see new Azure Security Center alerts or recommendations (depending on your configuration) in Azure Monitor alerts, with automatic triggering of an action group (if provided).
95
+
73
96
## Manual one-time export of security alerts
74
97
75
98
To download a CSV report for alerts or recommendations, open the **Security alerts** or **Recommendations** page and click **Download CSV report (Preview)** button.
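Review bot: Step 2 of the new procedure opens a parenthesis at "(in the same way you'd configure a [log alert rule in Azure Monitor]" that is never closed before the trailing colon; close it after the link or drop the parenthesis. In the **Condition** bullet, "continuously exports to as you enable the Continuous export to Log Analytics feature" is hard to parse; something like "exports to once you enable continuous export to Log Analytics" reads better. That bullet also asks the reader to configure a query, lookback period, and frequency period without showing any, so a sample query against *SecurityAlert* would help. The first sentence of the section capitalizes "Security Alerts" while the rest of the added text uses "security alerts".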