Azure Security Center search

Note

Security Center's Search dashboard will be retired on July 31st, 2019. For more information and alternative services, see Retirement of Security Center features (July 2019).

Azure Security Center uses Azure Monitor logs search to retrieve and analyze your security data. Azure Monitor logs includes a query language to quickly retrieve and consolidate data. From Security Center, you can leverage Azure Monitor logs search to construct queries and analyze collected data.

Search is available in both the Free tier and Standard tier of Security Center. The data available in your log searches depends on the tier applied to your workspace. See the Security Center pricing page for more information.

Note

Security Center does not save security data for a workspace under the Free tier. You can send a variety of logs to a workspace under the Free tier and search on that data, but search results do not include data from Security Center. Security Center only saves data to a workspace under the Standard tier.

  1. Under the Security Center main menu, select Search.

  2. Security Center lists all workspaces under your Azure subscriptions. Select a workspace. (If you have only one workspace, this workspace selector does not appear.)

  3. Log Search opens. To query for more data under the selected workspace, enter this example query:

    SecurityEvent | where EventID == 4625 | summarize count() by TargetAccount

    The result lists every account that failed to sign in (event 4625), with a count of failures for each.

See Kusto query language for more information on how to query for data under the selected workspace.
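
The example query from step 3 can be extended into a triage view. The query below is an added example, not part of the original article: it keeps only accounts with repeated failures and flags those that also had a successful sign-in (event 4624) after the first failure. The 24-hour window and the threshold of 10 are assumptions to tune, and it assumes the workspace is collecting `SecurityEvent` data.

```kusto
// Added example: lookback and threshold are assumed values, adjust for your environment.
let lookback = 24h;
let threshold = 10;
// Accounts with at least `threshold` failed sign-ins (4625) in the window.
let failures =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4625
    | summarize FailedCount   = count(),
                FirstFailure  = min(TimeGenerated),
                LastFailure   = max(TimeGenerated),
                SourceIpCount = dcount(IpAddress),
                Computers     = make_set(Computer, 10)
        by TargetAccount
    | where FailedCount >= threshold;
// Attach the most recent successful sign-in (4624) for the same account, if any.
failures
| join kind=leftouter (
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4624
    | summarize LastSuccess = max(TimeGenerated) by TargetAccount
  ) on TargetAccount
// A success after the first failure is the case to review first.
| extend SuccessAfterFailures = isnotnull(LastSuccess) and LastSuccess > FirstFailure
| project TargetAccount, FailedCount, FirstFailure, LastFailure,
          SourceIpCount, Computers, LastSuccess, SuccessAfterFailures
| order by SuccessAfterFailures desc, FailedCount desc
```

Rows with `SuccessAfterFailures` set to true and a high `SourceIpCount` are the ones to investigate first; a single computer with one source address is more often a stale credential in a service or scheduled task.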

Next steps

In this article you learned how to access search in Security Center. Security Center uses Azure Monitor logs search. To learn more about Azure Monitor logs search, see:

To learn more about Security Center, see: