Alerts proactively notify you when security incidents happen in your environment. In this course, you’ll learn how to respond to security incidents in Azure by creating and managing Azure security alerts.

What Is This Course All About?

It all starts with a security incident, and different organizations respond to incidents in different ways.

Some organizations respond to security incidents only after they happen or after suffering from an attack. But taking the time and effort to build an incident response plan can help reduce both the cost and the damage.

Having proper incident management in place before security incidents even happen means you should plan for three things: how to prevent incidents from happening in the first place by hardening your resources and following security best practices, how to detect incidents when they happen, and how to respond to incidents after they happen using Azure security alerts.

This course helps you understand how Azure monitors resources in the cloud and even on-premises resources, what telemetry is available for you to consume, and what alerting capabilities you can use to serve your business case. You can alert on metrics, on activity logs, or even write your own query and alert on the results coming back. Everything you need to know about Azure security alerts is included in this course.

What makes this course unique is its rich demos, which reflect real scenarios and threats that your organization might face and then provide you with recommendations and “how to” steps for setting the right alarms and Azure security alerts. Examples of such scenarios include:

  • How to detect if your Azure public IPs are under DDoS attack, and how to set the right metrics to detect that and notify your SOC team.
  • Export Azure AD logs to workspace analytics and use query-based alerts to detect when your emergency admin account has been used recently and to alert you when a new Azure AD role assignment takes place.
  • Notify your DevOps team when someone deletes your storage account containing sensitive audit data, which could be an attacker trying to hide their trail.

Course Description

Being able to detect incidents and respond to emerging threats is top of mind for every security professional. In this course, Managing and Responding to Microsoft Azure Security Alerts, you will learn foundational knowledge of creating and managing security alerts in Microsoft Azure.

First, you will learn how alerts in Azure work and what you can alert on. Next, you will learn, from real scenario demos, how to create and customize alerts in Microsoft Azure to respond to real threats.

Finally, you will explore how to configure playbooks in Azure Security Center to automate your responses. When you are finished with this course, you will have the skills and knowledge needed to create and manage security alerts in Microsoft Azure.

Table of Contents

  • Introducing Alerts in Microsoft Azure
    • Introduction
    • Introducing Alerts in Microsoft Azure
    • Managing Alerts State
    • Demo: Exploring Alerts Management Blade
    • Managing Alerts Action Groups
    • Demo: Creating Alert Action Group
    • Summary
  • Creating and Customizing Alerts in Microsoft Azure
    • Introduction
    • Creating Metric Alerts [Demo]
    • Creating Alerts on Analytics Query [Demo]
    • Creating Activity Log Alert [Demo]
    • Troubleshooting Alerts [Demo]
    • Summary
  • Configuring Playbook in Azure Security Center
    • Introduction
    • Introducing Playbooks in Azure Security Center
    • Demo: Configuring Playbook for Security
    • Summary

Access The Course Now [Managing and Responding to Azure Security Alerts]

You can access the course about Azure security alerts at Pluralsight by clicking here. You can also check out my other courses at Pluralsight by clicking here, such as my Azure AD PIM course and the Responding and Remediation Incidents in Microsoft Azure featuring Azure Security Center course.
