Azure Security Center automatically collects, analyzes, and integrates log data from your Azure resources to detect threats. Machine learning algorithms run against collected data and generate security alerts. A list of prioritized security alerts is shown in Security Center along with the information you need to quickly investigate the problem, as well as recommendations for how to remediate an attack.
However, the threat landscape is constantly changing, and different customers have different needs. Therefore, it is important to stay in contact with customers and to continuously improve our threat detection capabilities, and to provide customers with the right information to help them address a security threat. To fulfill this, we have added the Alerts Customer Feedback to Azure Security Center, which gives the Security Center customers a channel to give feedback on the alerts that they received. This capability is currently available in public preview and is accessible from the alert blade. In the bottom part of the alert you will see the question “Was this useful?”, as shown below:
At this point, you can provide feedback in multiple resolutions with a simple user interface. The first resolution is to provide a feedback on whether the alert was useful or not. Once an answer is provided, a drop-down list of reasons appears. Useful alerts can be due to detected malicious activity (malicious true positive) or to non-malicious activity that still should cause an alert (benign true positive). The latter may be a result of a non-malicious attempt, such as a penetration testing activity or a benign login to a resource from an unusual location or in an unusual manner.
Alerts that are not useful should have not been fired or should have had more relevant information for further investigation. The available options are shown below:
In the third level of resolution, the user can provide additional comments in free text about the alerts.
This feature gives Security Center the attentiveness required for improving our detection mechanisms, allowing the product and support groups to listen more closely to customer needs. The feedback also lays out the foundations for automated tuning of alerts to better meet customer needs.
To learn more about the benefits of Security Center, visit our webpage.