Microsoft Defender for Storage


Hi there,

We want to use Defender for Storage but in a way that each of our product teams can enable this for their storage account. This is possible as far as I know but the alerts will just be accessible in the Defender Center. Is there a way to create alerts on resource or resource group level which will inform the team which is responsible for their resources? We want to enable all of our teams to see the alerts just for their resources and not centralized in the Defender Center overview.

/cheers

Tom

1 Reply
If you use tags in your environment, you can use the 'Tags' filter in the Security Alerts view to only see alerts related to certain project/app/owner/whatever. As an alternative you can create your own custom 'response' feature using Workflow Automation. Check out our GitHub repo for ideas: https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Workflow%20automation

Please also keep in mind that Defender for Cloud is not a SIEM solution, so it does not have advanced capabilities like Sentinel or any 3rd party SIEM.
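
The routing decision a custom Workflow Automation response would need for per-team notification, sketched as an added example that is not part of the thread or of the linked repository. The alert dictionaries are a simplified, constructed shape (the `name` and `resource_id` keys are assumptions, not the Defender for Cloud alert schema), and the resource group names and mail addresses are hypothetical.

```python
import re

# Hypothetical routing table: resource group (lowercase) -> owning team.
TEAM_BY_RESOURCE_GROUP = {
    "rg-payments-prod": "payments-team@example.com",
    "rg-catalog-prod": "catalog-team@example.com",
}
# Alerts that cannot be mapped to a team stay with the central security team.
FALLBACK = "central-security@example.com"

# Azure resource IDs are case-insensitive, so match and compare in lowercase.
_RG_PATTERN = re.compile(
    r"^/subscriptions/[^/]+/resourcegroups/(?P<rg>[^/]+)(?:/|$)",
    re.IGNORECASE,
)

def resource_group_of(resource_id):
    """Return the lowercase resource group of a resource ID, or None."""
    if not isinstance(resource_id, str):
        return None
    match = _RG_PATTERN.match(resource_id.strip())
    return match.group("rg").lower() if match else None

def route_alert(alert):
    """Pick the recipient for one alert; unmapped alerts go to FALLBACK."""
    rg = resource_group_of(alert.get("resource_id"))
    return TEAM_BY_RESOURCE_GROUP.get(rg, FALLBACK)

def route_all(alerts):
    """Group alert names by recipient so each team sees only its own."""
    routed = {}
    for alert in alerts:
        routed.setdefault(route_alert(alert), []).append(alert["name"])
    return routed

# Constructed sample alerts (not real Defender output).
SAMPLE_ALERTS = [
    {"name": "constructed alert A", "resource_id":
     "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
     "RG-Payments-Prod/providers/Microsoft.Storage/storageAccounts/paystore"},
    {"name": "constructed alert B (subscription scope)", "resource_id":
     "/subscriptions/00000000-0000-0000-0000-000000000000"},
    {"name": "constructed alert C (no resource id)"},
]

if __name__ == "__main__":
    for recipient, names in route_all(SAMPLE_ALERTS).items():
        print(recipient, names)
```

Sending unmapped and subscription-scope alerts to a fallback recipient keeps an alert from being dropped when a resource group has no registered owner.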