Tip of the day – Generate Azure Security Center alerts for Azure Log Integration


You may not see log entries from Azure Security Center imported into your Azure Log Integration log collection computer. There can be multiple reasons for this, but one common reason is that there are no Security Alerts generated by Azure Security Center.

To generate such an alert on demand, you can use the EICAR test file. Antimalware detects it as a "virus" (even though the EICAR test file is NOT a virus), which causes an Azure Security Alert to be generated. After the alert is generated, an entry appears in Azure table storage, and that entry is imported into the file system of the Azure Log Integration log collection computer.

Azure Security Center Alert - Malware detection and removal test

  • On a VM, install the Endpoint extension if it is not already installed.
  • Create an EICAR file in a folder on the VM. The test string is described at https://en.wikipedia.org/wiki/EICAR_test_file
    In short: open Notepad, copy the EICAR text string, and save the file as eicar.com

The above steps will initiate a malware clean, and you will get an alert in Azure Security Center.
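
The steps above as a PowerShell script, added here as an example and not part of the original post: it writes the EICAR test string to a file on the VM, then checks whether antimalware removed the file and logged the detection locally. The folder name, the event log names and the event IDs (1116/1117) are assumptions about a VM running Microsoft Antimalware or Windows Defender with real-time protection enabled.

```powershell
# Added example, not from the original post. Run on the test VM itself.
# Assumption: the VM runs Microsoft Antimalware or Windows Defender with
# real-time protection enabled.

$start  = Get-Date
$folder = 'C:\EicarTest'                      # hypothetical folder name
$path   = Join-Path $folder 'eicar.com'

# The standard 68-byte EICAR test string, split in two so this script file
# is not itself quarantined when it is saved to disk.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' + 'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

New-Item -ItemType Directory -Path $folder -Force | Out-Null
try {
    # ASCII, no trailing newline: the file must contain exactly the test string.
    [System.IO.File]::WriteAllText($path, $eicar, [System.Text.Encoding]::ASCII)
} catch {
    # Real-time protection may block the write; that also counts as a detection.
    Write-Host "Write blocked: $($_.Exception.Message)"
}

Start-Sleep -Seconds 30                       # give the engine time to act

if (Test-Path $path) {
    Write-Warning "$path still exists: antimalware did not remove it."
} else {
    Write-Host "$path was removed or blocked by antimalware."
}

# Assumed event sources: Windows Defender's operational log, and the System
# log entries written by the Microsoft Antimalware extension.
# 1116 = malware detected, 1117 = action taken.
$filters = @(
    @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1116, 1117; StartTime = $start },
    @{ LogName = 'System'; ProviderName = 'Microsoft Antimalware'; Id = 1116, 1117; StartTime = $start }
)
$events = foreach ($f in $filters) {
    try { Get-WinEvent -FilterHashtable $f -ErrorAction Stop } catch { }
}

if ($events) {
    $events | Sort-Object TimeCreated | Format-List TimeCreated, Id, ProviderName, Message
} else {
    Write-Warning 'No detection events found; no Security Center alert should be expected.'
}
```

If the file survives and no events are logged, the missing Security Center entries are explained on the VM side (no detection), before Azure table storage or Azure Log Integration are involved.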

