Connect data from Azure Security Center (ASC)

Azure Sentinel lets you connect Azure Security Center and stream its alerts into Azure Sentinel.

Prerequisites

Connect to Azure Security Center

  1. In Azure Sentinel, select Data connectors from the navigation menu.

  2. From the data connectors gallery, select Azure Security Center, and click the Open connector page button.

  3. Under Configuration, click Connect next to each subscription whose alerts you want to stream into Azure Sentinel. The Connect button is available only if you have the required permissions and the subscription is on the ASC Standard tier.

  4. You can select whether you want the alerts from Azure Security Center to automatically generate incidents in Azure Sentinel. Under Create incidents, select Enabled to turn on the default analytics rule that automatically creates incidents from alerts. You can then edit this rule under Analytics, in the Active rules tab.

  5. To query the Azure Security Center alerts in Log Analytics with the relevant schema, search for SecurityAlert.
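After completing the steps above, a query like the following can confirm that alerts are arriving in the SecurityAlert table. It is an added example, not part of the original article, and it assumes that Azure Security Center alerts carry the ProductName value "Azure Security Center" and that ResourceId holds the full Azure resource path.

```kusto
// Added example: summarize ASC alerts received in the last 7 days, per subscription.
// Assumption: ASC alerts are recorded with ProductName "Azure Security Center".
SecurityAlert
| where TimeGenerated > ago(7d)
| where ProductName == "Azure Security Center"
// ResourceId has the form /subscriptions/<id>/resourceGroups/...,
// so element 2 of the split is the subscription id.
| extend SubscriptionId = tostring(split(ResourceId, "/")[2])
| summarize Alerts = count(),
            HighSeverity = countif(AlertSeverity == "High"),
            DistinctAlertNames = dcount(AlertName),
            LastAlert = max(TimeGenerated)
    by SubscriptionId
| order by LastAlert desc
```

A connected subscription that is missing from the result has produced no alerts in the time window, which does not by itself indicate a connector problem.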

Next steps

In this document, you learned how to connect Azure Security Center to Azure Sentinel. To learn more about Azure Sentinel, see the following articles: