Azure Security Center Integration with Windows Defender Advanced Threat Protection for Servers
At RSA Security Conference this year we announced that Security Center now harnesses the power of WDATP to provide improved threat detection for Windows Servers (this integration is currently in preview). When this integration is enabled you will be able to see more details from the endpoint perspective. You will still start your investigation using Security Center Alerts, in the example below we have an alert about a suspicious PowerShell activity:
From this page, you can click Investigate to continue your investigation using the Investigation dashboard. The first part of this dashboard has the Investigation path, as shown below:
On the right side, you have the properties of the selected entity. In this case the selected entity is the alert itself, and the info page of this alert has the hyperlink to Windows Defender ATP Portal as shown below:
When you click on this hyperlink, the Windows Defender ATP Portal will open up, and from there you can have a better visibility of the events that lead to this attack on the server itself. Here an example of how this looks like in the WDATP Portal: