File: articles/defender-for-cloud/alerts-overview.md
Lines changed: 11 additions & 10 deletions
@@ -12,21 +12,22 @@ ms.custom: fasttrack-edit
12
12
This article describes security alerts and notifications in Microsoft Defender for Cloud.
13
13
14
14
## What are security alerts?
15
-
Security alerts are the notifications generated by Defender for Cloud and Defender for Cloud plans when threats are identified in your cloud, hybrid, or on-premises environment.
16
-
17
-
- Security alerts are triggered by advanced detections in Defender for Cloud, and are available when you enable Defender for Cloud [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads).
18
-
- Each alert provides details of affected resources, issues, and remediation recommendations.
19
-
- Defender for Cloud classifies alerts and prioritizes them by severity in the Defender for Cloud portal.
20
-
- Alerts are displayed for 90 days, even if the resource related to the alert was deleted during that time. This is because the alert might indicate a potential breach to your organization that needs to be further investigated.
21
-
- Alerts can be exported to CSV format, or directly injected into Microsoft Sentinel.
15
+
Security alerts are the notifications generated by Defender for Cloud's workload protection plans when threats are identified in your Azure, hybrid, or multi-cloud environments.
16
+
17
+
- Security alerts are triggered by advanced detections available when you enable [Defender plans](defender-for-cloud-introduction.md#protect-cloud-workloads) for specific resource types.
18
+
- Each alert provides details of affected resources, issues, and remediation steps.
19
+
- Defender for Cloud classifies alerts and prioritizes them by severity.
20
+
- Alerts are displayed in the portal for 90 days, even if the resource related to the alert was deleted during that time. This is because the alert might indicate a potential breach to your organization that needs to be further investigated.
21
+
- Alerts can be exported to CSV format.
22
+
- Alerts can also be streamed directly to a Security Information and Event Management (SIEM) such as Microsoft Sentinel, Security Orchestration Automated Response (SOAR), or IT Service Management (ITSM) solution.
22
23
- Defender for Cloud leverages the [MITRE Attack Matrix](https://attack.mitre.org/matrices/enterprise/) to associate alerts with their perceived intent, helping formalize security domain knowledge.
23
24
24
25
### How are alerts classified?
25
26
26
-
Defender for Cloud assigns a severity to alerts to help you prioritize how you attend to each alert. Severity is based on how confident Defender for Cloud is in the:
27
+
Alerts have a severity level assigned to help prioritize how to attend to each alert. Severity is based on:
27
28
28
-
-Finding/analytic used to issue the alert
29
-
-Confidence level that there was malicious intent behind the activity that led to the alert
29
+
-The specific trigger
30
+
-The confidence level that there was malicious intent behind the activity that led to the alert
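Review bot: the new line 22 ("Alerts can also be streamed directly to a Security Information and Event Management (SIEM) such as Microsoft Sentinel, Security Orchestration Automated Response (SOAR), or IT Service Management (ITSM) solution.") is ambiguous as written: "such as Microsoft Sentinel" attaches only to SIEM, and the lone "solution" at the end leaves SIEM and SOAR without a noun, so a reader can parse SOAR and ITSM as examples of a SIEM. Suggest "Alerts can also be streamed directly to a Security Information and Event Management (SIEM) solution such as Microsoft Sentinel, or to a Security Orchestration Automated Response (SOAR) or IT Service Management (ITSM) solution." Two smaller points in the same hunk: the rewrite of the severity list (new lines 26-30) correctly removes the doubled "confident ... Confidence level" of the old wording, but replacing "Finding/analytic used to issue the alert" with "The specific trigger" loses the one concrete description of the first factor, so consider "The specific finding or analytic that triggered the alert"; and the new line 15 drops "on-premises" in favor of "Azure, hybrid, or multi-cloud", so confirm that "hybrid" is intended to cover on-premises machines, since the unchanged text in this file still describes alerts for non-Azure resources. Unrelated to the change but visible in context, the unchanged line 22 names the "MITRE Attack Matrix"; the framework's name is MITRE ATT&CK, matching the linked URL.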