Azure Security Center provides you with visibility across all your resources running in Azure and alerts you of potential or detected issues. The volume of alerts can be challenging for a security operations team to individually address. Due to the volume of alerts, security analysts have to prioritize which alerts they want to investigate. Investigating alerts can be complex and time consuming, so as a result, some alerts are ignored.
Security Center can help your team triage and prioritize alerts with a new capability called Confidence Score. The Confidence Score automatically investigates alerts by applying industry best practices, intelligent algorithms, and processes used by analysts to determine whether a threat is legitimate and provides you with meaningful insights.
How is the Azure Security Center Confidence Score triggered?
Alerts are generated due to detected suspicious processes running on your virtual machines. Security Center reviews and analyzes these alerts on Windows virtual machines running in Azure. It performs automated checks and correlations using advanced algorithms across multiple entities and data sources across the organization and all your Azure resources.
Results of Azure Security Center Confidence Score
The Confidence Score ranges between 1 to 100 and represents the confidence that the alert should be investigated. The higher the score is, the higher the confidence is that this alert indicates true malicious activity. Additionally, the Confidence Score provides a list of the top reasons why the alert received its Confidence Score. The Confidence Score makes it easier for the security analyst to prioritize his or her response to alerts and address the most pressing attacks first, ultimately reducing the amount of time it takes to respond to attacks and breaches.
You can find the Confidence Score in the Security alerts blade. The alerts and incidents are ordered based on Security Center’s confidence that they are legitimate threats. Here, you can see that the incident Suspicious screensaver process execution received a confidence score of 91.
When drilling down in the Security alert blade, in the Confidence section, you can view the observations that contributed to the confidence score and gain insights related to the alert. This enables you to get more insight into the nature of the activities that caused the alert.
Use Security Center’s Confidence Score to prioritize alert triage in your environment. The confidence score saves you time and effort by automatically investigating alerts, applying industry best practices and intelligent algorithms, and acting as a virtual analyst to determine which threats are real and where you need to focus your attention.
A public preview of this feature is available now on the Standard and Trial tiers of Security Center.