Create A Security Automation for specific Alerts

Azure Public Test Date Azure Public Test Result

Azure US Gov Last Test Date Azure US Gov Last Test Result

Best Practice Check Cred Scan Check

Bicep Version

Deploy To Azure Visualize

This template deploys an Azure Security Center Automation which will be triggered by Azure Security alerts which their display name contains a specific string. Automation is an Azure Resource which triggers a Logic App.

Overview and deployed resources

This is an overview of the solution

The following resources are deployed as part of the solution

Microsoft.Logic Resource provider

The Microsoft.Logic Resource provider is used to create an empty triggerable Logic App.

  • Logic App: An empty triggerable Logic App.

Microsoft.Security Resource provider

The Microsoft.Security Resource provider (Azure Security Center) is where the Automation which will trigger the logic app will be created.

  • Automation: The automation that triggers the empty Logic App upon receiving an Azure Security Center alert that contains a specific string. In our example the alert triggering rule is Virtual Machine and has a severity of either Medium, High, Low.

Prerequisites

Users need to be registered to both Microsoft.Logic and Microsoft.Security resource providers to run this deployment.

Deployment steps

You can select the Deploy to Azure button at the beginning of this document. To learn more about how to deploy the template, see the quickstart article.

Notes

Solution notes

Tags: Security, Security Center, LogicApps, Automations, Microsoft.Security/automations, Microsoft.Logic/workflows, request, object, string