Ensure that the security alerts generated by the Microsoft Defender for Cloud workload protection plans are examined and acted on in order to follow security best practices and meet regulatory compliance and standards. Microsoft Defender for Cloud is a security management service that helps you prevent, detect, and respond to threats with increased visibility and control over the security of your Azure cloud resources. The service periodically analyzes the security state of your cloud resources and, when it identifies potential security vulnerabilities, generates alert notifications. These security alerts are triggered when threats are identified in your Azure, hybrid, or multicloud environments.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
When Microsoft Defender for Cloud identifies security incidents, it sends security alert notifications that guide you through the process of configuring the needed controls to protect and harden your Azure cloud environment.
Audit
To check for Microsoft Defender for Cloud security alerts within your Azure cloud account, perform the following operations:
Remediation / Resolution
To assess the security incidents that triggered the Microsoft Defender for Cloud alerts in your Azure cloud account, in order to remediate the security issues found, perform the following operations:
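As an added example (not the Conformity page's own steps, nor Microsoft code), the following POSIX shell script performs the audit and remediation with the Azure CLI commands this rule references: it lists the active alerts with the fields needed for triage, shows one alert's details (including Defender's own remediation steps), rewrites the inbound SSH rule on a network security group so that only an administrative address range can reach TCP port 22, and finally marks the alert resolved. It assumes a logged-in `az` CLI with rights to read alerts and update NSGs; the resource group, NSG, rule name, location and admin CIDR are placeholders, and the alert field names used in `--query` (`status`, `alertDisplayName`, `severity`, `compromisedEntity`, `timeGeneratedUtc`) are assumed to match the Microsoft.Security/alerts resource as the CLI returns it.

```shell
#!/bin/sh
# Added example, not code from the Conformity rule page or from Microsoft.
# Assumes: the Azure CLI (az) is installed and logged in with rights to read
# Defender for Cloud alerts and update network security groups. Resource
# group, NSG, rule name, location and the admin CIDR are placeholders.
# Set AZ_DRY_RUN=1 to print the az command line instead of executing it.

# Wrapper: execute az, or print the assembled command when AZ_DRY_RUN=1.
run_az() {
  if [ "${AZ_DRY_RUN:-0}" = "1" ]; then
    printf 'az %s\n' "$*"
  else
    az "$@"
  fi
}

# Audit step: active (not dismissed) alerts with the fields needed for triage.
# Field names are assumed to match the Microsoft.Security/alerts resource.
list_active_alerts() {
  run_az security alert list \
    --query "[?status!='Dismissed'].{id:name,title:alertDisplayName,severity:severity,resource:compromisedEntity,time:timeGeneratedUtc}" \
    --output table
}

# Show one alert; its remediationSteps field states what Defender recommends.
show_alert() {   # args: resource-group location alert-id
  run_az security alert show --resource-group "$1" --location "$2" --name "$3"
}

# Guard: reject source prefixes that would keep SSH open to the whole Internet.
is_restrictive_prefix() {   # arg: CIDR or service tag
  case "$1" in
    ''|'*'|0.0.0.0/0|Internet|Any) return 1 ;;
    *) return 0 ;;
  esac
}

# Remediation step: rewrite the inbound SSH rule so only the admin range may connect.
restrict_ssh_rule() {   # args: resource-group nsg-name rule-name admin-cidr
  if ! is_restrictive_prefix "$4"; then
    echo "refusing: '$4' would leave TCP/22 open to the Internet" >&2
    return 1
  fi
  run_az network nsg rule update \
    --resource-group "$1" --nsg-name "$2" --name "$3" \
    --source-address-prefixes "$4" --access Allow --direction Inbound \
    --protocol Tcp --destination-port-ranges 22
}

# Close the loop: mark the alert resolved once the NSG change is in place.
resolve_alert() {   # args: resource-group location alert-id
  run_az security alert update --resource-group "$1" --location "$2" --name "$3" --status resolve
}

# Example run against placeholders (dry run prints the commands only):
# AZ_DRY_RUN=1 list_active_alerts
# AZ_DRY_RUN=1 restrict_ssh_rule rg-example nsg-example AllowSSH 203.0.113.0/24
# AZ_DRY_RUN=1 resolve_alert rg-example eastus alert-id-placeholder
```

The guard in `is_restrictive_prefix` exists because the easiest way to "fix" an NSG rule is to re-save it with the same `*` source it already had, which leaves the exposure in place while the alert gets resolved; the script refuses that case. Resolve the alert only after `az network nsg rule update` has returned successfully, so the alert history reflects the actual state of the rule.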
As an example, this section demonstrates how to remediate a security issue that triggered a security alert named "Suspected successful brute force attack" within Microsoft Defender for Cloud. The recommended security fix is to restrict inbound access on TCP port 22 (SSH) for the impacted resources, as virtual machine (VM) instances with TCP port 22 exposed to the Internet are vulnerable to malicious activities such as Man-in-the-Middle (MITM) attacks and brute-force attacks.
References
- Azure Official Documentation
- Microsoft Defender for Cloud documentation
- What is Microsoft Defender for Cloud?
- Security alerts and incidents
- Manage and respond to security alerts in Microsoft Defender for Cloud
- Create, change, or delete a network security group
- Azure best practices for network security
- Azure Command Line Interface (CLI) Documentation
- az security alert show
- az security alert list
- az network nsg rule update
- az security alert update