Security alerts - a reference guide
This article lists the security alerts you might get from Microsoft Defender for Cloud and any Microsoft Defender plans you've enabled. The alerts shown in your environment depend on the resources and services you're protecting, and your customized configuration. At the bottom of this page, there's a table describing the Microsoft Defender for Cloud kill chain aligned with version 9 of the MITRE ATT&CK matrix.

Learn how to respond to these alerts. Learn how to export alerts.

Note: Alerts from different sources might take different amounts of time to appear. For example, alerts that require analysis of network traffic might take longer to appear than alerts related to suspicious processes running on virtual machines.

Alerts for Windows machines
Microsoft Defender for Servers Plan 2 provides unique detections and alerts, in addition to the ones provided by Microsoft Defender for Endpoint. The alerts provided for Windows machines are:
Further details and notes
Alerts for Linux machines
Microsoft Defender for Servers Plan 2 provides unique detections and alerts, in addition to the ones provided by Microsoft Defender for Endpoint. The alerts provided for Linux machines are:
Further details and notes
Alerts for Azure App Service
Further details and notes
Alerts for containers - Kubernetes clusters
Microsoft Defender for Containers provides security alerts at the cluster level and on the underlying cluster nodes by monitoring both the control plane (API server) and the containerized workload itself. Control plane security alerts can be recognized by the K8S_ prefix of the alert type. Security alerts for runtime workloads in the clusters can be recognized by the K8S.NODE_ prefix of the alert type. All alerts are supported on Linux only, unless otherwise indicated.
Further details and notes
1: Preview for non-AKS clusters: This alert is generally available for AKS clusters, but it is in preview for other environments, such as Azure Arc, EKS and GKE.
2: Limitations on GKE clusters: GKE uses a Kubernetes audit policy that doesn't support all alert types. As a result, this security alert, which is based on Kubernetes audit events, is not supported for GKE clusters.
3: This alert is supported on Windows nodes/containers.

Alerts for SQL Database and Azure Synapse Analytics
Further details and notes
Alerts for open-source relational databases
Further details and notes

Alerts for Resource Manager
Further details and notes

Alerts for DNS
Further details and notes

Alerts for Azure Storage
Further details and notes

Alerts for Azure Cosmos DB
Further details and notes

Alerts for Azure network layer
Further details and notes

Alerts for Azure Key Vault
Further details and notes

Alerts for Azure DDoS Protection
Further details and notes

Security incident alerts
Further details and notes
MITRE ATT&CK tactics
Understanding the intention of an attack can help you investigate and report the event more easily. To help with these efforts, Microsoft Defender for Cloud includes the MITRE tactics with many alerts. The series of steps that describe the progression of a cyberattack from reconnaissance to data exfiltration is often referred to as a "kill chain". Defender for Cloud's supported kill chain intents are based on version 9 of the MITRE ATT&CK matrix and are described in the table below.
Note: For alerts that are in preview: The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Next steps
To learn more about Microsoft Defender for Cloud security alerts, see the following:
What does the contingency plan indicate?
A contingency plan is a course of action designed to help an organization respond effectively to a significant future incident, event or situation that may or may not happen.

What are the steps in contingency planning?
Here are the steps you need to follow in a contingency planning process.
Step 1: Brainstorm and list down the key risks.
Step 2: Prioritize the risks.
Step 3: Identify and gather resources.
Step 4: Start creating contingency plans for every event.
Step 5: Share the plan with your team.
Step 6: Revisit the plan.

What is an example of a contingency plan?
A simple example of a contingency plan is to back up all website data in case a website gets hacked. If this scenario happens, it's easy to restore the data after regaining access and changing passwords. Not prepared? The team might have to recreate the entire website from memory.

How do you test a contingency plan?
Methods for testing contingency plans to determine the effectiveness of the plans and to identify potential weaknesses in the plans include, for example, walk-through and tabletop exercises, checklists, simulations (parallel, full interrupt), and comprehensive exercises.

What is the first phase of the CP process?
The elements required to begin the CP process are (1) a planning methodology; (2) a policy environment to enable the planning process; (3) an understanding of the causes and effects of core precursor activities, known as the business impact analysis (BIA); and (4) access to financial and other resources, as articulated ...

How often should a contingency plan be evaluated?
At a minimum the Contingency Plan shall be tested annually (within 365 days).