Create and customize alerts

• Azure Security Center automatically collects, analyzes, and fuses log data from your Azure resources, the network, and partner solutions
• It can detect events such as:
  • Compromised VMs communicating with known malicious IP addresses
  • Advanced malware detected by Windows error reporting
  • Brute-force attacks against VMs
  • Security alerts from integrated partner security solutions, such as antimalware or web application firewalls
• When Security Center detects a threat, it creates a security alert
• Security Center logs individual security alerts and combines individual alerts into incidents
• An incident is a collection of related individual alerts

Manage security alerts

• In the Azure portal, the Overview page for Security Center displays an at-a-glance view of your environment 
• The Detection area of the Overview page displays a graph of your current alerts, colored according to severity level (high, medium, or low)
• The bottom part of the blade displays details for each alert

Configure a playbook for a security event by using Azure Security Center

• A security playbook can help automate and orchestrate your response to a specific security alert that Security Center detects
• Security playbooks in Security Center are based on Azure Logic Apps
• The Security Center team has set up a GitHub repository with instructions on how to create a security playbook 
• In Security Center, you can add actions or conditions to an existing playbook