Using Azure Monitor to send an Email Notification for Azure Security Center Alerts
Azure Security Center allows you to provide a security contact that will receive email notifications for Security Alerts, keep in mind that these notification will be sent only on the first daily occurrence of a high severity alert. You can read Provide security contact details in Azure Security Center for more information on how to configure this option. However, if you want to receive an email for every single alert that pops up in Azure Security Center, you can use Azure Monitor .
Processed events produced by Azure Security Center are published to the Azure Activity log, and via Azure Monitor you can create classic activity log alerts. This streaming log alert is triggered when an activity log event is generated that matches filter criteria that you've assigned. The diagram below shows the flow from Azure Security Center to Azure Monitor:
Now that you understand the flow, follow the steps below to configure this integration:
1. Create an Azure Monitor Rule
- You can create a classic rule using the procedure from this article.
- Make sure to customize at least this setting:
- Under Criteria / Event Category, select Security.
- Read this article to see an example of the Activity Log Schema for Security category.
- Make sure to customize at least this setting:
2. Simulate an alert
- You can use this playbook to simulate alerts, or simply use this alert validation procedure.
When the alert is fired, you will receive an email (if this is the action that you selected) similar to the one below:
When reviewing this email, you should review all fields, but pay close attention to the following ones:
- Activity Log Alert: the severity of the alert (in this case is High)
- Time: the time that the alert was generated
- Properties: this field will bring the entire lert that you see in Security Center, noticed that within this field, there are other fields, such as resourceType, compromisedEntity, and others. Although they are all in a single paragraph, it is easy to compreehend.
Thank you Kelly Anderson and Gilad Elyashar for reviewing this post!
#TeamWork