Security alerts - a reference guide
This article lists the security alerts you might get from Microsoft Defender for Cloud and any Microsoft Defender plans you've enabled. The alerts shown in your environment depend on the resources and services you're protecting, and your customized configuration. At the bottom of this page, there's a table describing the Microsoft Defender for Cloud kill chain aligned with version 9 of the MITRE ATT&CK matrix.

Learn how to respond to these alerts. Learn how to export alerts.

Note: Alerts from different sources might take different amounts of time to appear. For example, alerts that require analysis of network traffic might take longer to appear than alerts related to suspicious processes running on virtual machines.

Alerts for Windows machines

Microsoft Defender for Servers Plan 2 provides unique detections and alerts, in addition to the ones provided by Microsoft Defender for Endpoint. The alerts provided for Windows machines are:
Alerts for Linux machines

Microsoft Defender for Servers Plan 2 provides unique detections and alerts, in addition to the ones provided by Microsoft Defender for Endpoint. The alerts provided for Linux machines are:
Alerts for Azure App Service
Alerts for containers - Kubernetes clusters

Microsoft Defender for Containers provides security alerts at the cluster level and on the underlying cluster nodes by monitoring both the control plane (API server) and the containerized workload itself. Control plane security alerts can be recognized by a prefix of
1: Preview for non-AKS clusters: This alert is generally available for AKS clusters, but it is in preview for other environments, such as Azure Arc, EKS and GKE.

2: Limitations on GKE clusters: GKE uses a Kubernetes audit policy that doesn't support all alert types. As a result, this security alert, which is based on Kubernetes audit events, is not supported for GKE clusters.

3: This alert is supported on Windows nodes/containers.

Alerts for SQL Database and Azure Synapse Analytics
Alerts for open-source relational databases

Alerts for Resource Manager

Alerts for DNS

Alerts for Azure Storage

Alerts for Azure Cosmos DB

Alerts for Azure network layer

Alerts for Azure Key Vault

Alerts for Azure DDoS Protection

Security incident alerts
MITRE ATT&CK tactics

Understanding the intention of an attack can help you investigate and report the event more easily. To help with these efforts, Microsoft Defender for Cloud includes the MITRE tactics with many alerts. The series of steps that describe the progression of a cyberattack from reconnaissance to data exfiltration is often referred to as a "kill chain". Defender for Cloud's supported kill chain intents are based on version 9 of the MITRE ATT&CK matrix and are described in the table below.
Note: For alerts that are in preview: The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Next steps

To learn more about Microsoft Defender for Cloud security alerts, see the following: