You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/security-center/security-center-alerts-data-services.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
2
title: Threat detection for data services in Azure Security Center | Microsoft Docs
3
-
description: This topic presents the data services alerts available in Azure Security Center.
3
+
description: This article presents the data services alerts available in Azure Security Center.
4
4
services: security-center
5
5
documentationcenter: na
6
6
author: memildin
@@ -14,7 +14,7 @@ ms.author: memildin
14
14
---
15
15
# Threat detection for data services in Azure Security Center
16
16
17
-
Azure Security Center analyzes the logs of data storage services, and triggers alerts when it detects a threat to your data resources. This topic lists the alerts that Security Center generates for the following services:
17
+
Azure Security Center analyzes the logs of data storage services, and triggers alerts when it detects a threat to your data resources. This article lists the alerts that Security Center generates for the following services:
18
18
19
19
*[Azure SQL Database and Azure SQL Data Warehouse](#data-sql)
20
20
*[Azure Storage](#azure-storage)
@@ -48,7 +48,7 @@ Security Center analyzes diagnostic logs of read, write, and delete requests to
48
48
49
49
|Alert|Description|
50
50
|---|---|
51
-
|**Unusual location access anomaly**|Sampled network traffic analysis detected anomalous outgoing Remote Desktop Protocol (RDP) communication, originating from a resource in your deployment. This activity is considered abnormal for this environment. It can indicate that your resource has been compromised, and is now used to brute force attack an external RDP endpoint. This type of activity might cause your IP to be flagged as malicious by external entities.|
51
+
|**Access from unusual location**|Indicates that there was a change in the access pattern to an Azure Storage account. Someone has accessed this account from an IP address considered unfamiliar when compared with recent activity. Either an attacker has gained access to the account, or a legitimate user has connected from a new or unusual geographic location. An example of the latter is remote maintenance from a new application or developer.|
52
52
|**Application access anomaly**|Indicates that an unusual application has accessed this storage account. A potential cause is that an attacker has accessed your storage account by using a new application.|
53
53
|**Anonymous access anomaly**|Indicates that there is a change in the access pattern to a storage account. For instance, the account has been accessed anonymously (without any authentication), which is unexpected compared to the recent access pattern on this account. A potential cause is that an attacker has exploited public read access to a container that holds blob storage.|
54
54
|**Tor Anomaly**|Indicates that this account has been accessed successfully from an IP address that is known as an active exit node of Tor (an anonymizing proxy). The severity of this alert considers the authentication type used (if any), and whether this is the first case of such access. Potential causes can be an attacker who has accessed your storage account by using Tor, or a legitimate user who has accessed your storage account by using Tor.|
0 commit comments