Use Logic Apps to respond to Security Center Alerts
Azure Security Center is a service that offers two solutions:
- A Cloud Security Posture Management (CSPM) solution, which regularly provides you with information about the current configuration of the Azure services in your subscription.
- A Cloud Workload Protection Platform (CWPP) solution, which protects against cyber threats aimed at servers, regardless of where they reside.
By default, Azure Security Center is enabled in your subscription, and when you select it, you will see its dashboard.
The dashboard (Overview) shows three areas: Policy & Compliance, Resource security hygiene, and Threat protection.
You can use Logic Apps to respond to Azure Security Center alerts. When creating a Logic App, you can choose the ‘when a security center alert is created or triggered’ Logic App trigger.
The next action can be an Exchange, Outlook or Teams action to notify people of the security issue.
To conclude, a Logic App provides a means to notify people of a security issue in a subscription, so that they can act on it proactively. A Logic App can be useful when, for instance, Security Center detects a brute force attack and the resulting alert triggers the Logic App. Yet there are many other alerts that a Logic App can respond to and send notifications for.