Azure Security Center search
Security Center's Search dashboard will be retired on July 31st, 2019. For more information and alternative services, see Retirement of Security Center features (July 2019).
Azure Security Center uses Azure Monitor logs search to retrieve and analyze your security data. Azure Monitor logs includes a query language to quickly retrieve and consolidate data. From Security Center, you can leverage Azure Monitor logs search to construct queries and analyze collected data.
Search is available in both the Free tier and Standard tier of Security Center. The data available in your log searches depends on the tier level applied to your workspace. See the Security Center pricing page for more information.
Security Center does not save security data for a workspace under the Free tier. You can send a variety of logs to a workspace under the Free tier and search on that data, but the search results do not include data from Security Center. Security Center saves data only to a workspace under the Standard tier.
Under the Security Center main menu, select Search.
Security Center lists all workspaces under your Azure subscriptions. Select a workspace. (If you have only one workspace, this workspace selector does not appear.)
Log Search opens. To query for more data under the selected workspace, enter this example query:
SecurityEvent | where EventID == 4625 | summarize count() by TargetAccount
The result lists each account that failed to sign in (event 4625), with the number of failed attempts per account.
See Kusto query language for more information on how to query for data under the selected workspace.
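As an added example (not part of the original article), the following query extends the example query above: it counts failed sign-ins (event 4625) per account in one-hour windows and keeps only the accounts at or above a threshold. The lookback period and threshold are assumed values, and the query relies on the TimeGenerated, IpAddress and Computer columns of the SecurityEvent table.

```kusto
// Added example: failed sign-ins (event 4625) per account, per hour.
// lookback and threshold are assumed values; tune them for your workspace.
let lookback = 1d;
let threshold = 10;
SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID == 4625
| summarize FailedAttempts = count(),
            SourceAddresses = dcount(IpAddress),   // distinct source addresses seen
            Computers = make_set(Computer, 20)     // up to 20 target computers
    by TargetAccount, bin(TimeGenerated, 1h)
| where FailedAttempts >= threshold
| order by FailedAttempts desc
```

Many failures for one account from a single source address and many failures spread across accounts from one address are different patterns; grouping by IpAddress instead of TargetAccount surfaces the second.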
In this article you learned how to access search in Security Center. Security Center uses Azure Monitor logs search. To learn more about Azure Monitor logs search, see:
- What is Azure Monitor logs? – Overview on Azure Monitor logs
- Understanding log searches in Azure Monitor logs – Describes how log searches are used in Azure Monitor logs and provides concepts that should be understood before creating a log search
- Find data using log searches in Azure Monitor logs – Tutorial on using log search
- Kusto search reference – Describes the query language in Azure Monitor logs
To learn more about Security Center, see:
- Security Center Overview – Describes Security Center’s key capabilities