Microsoft introduced the ability for DDoS Protection Standard customers to view DDoS Alerts in Azure Security Center (ASC) and this capability is generally available for all ASC and DDoS Standard customers. These DDoS alerts will be available for review in the Security Center in near real-time without any setup or manual integrations required and will provide details on DDoS attacks detected and automatically mitigated by the service.
Customers who are protecting their virtual networks against DDoS attacks with Azure DDoS Protection Standard will now have a unified visibility into all DDoS attack related alerts and actions taken to mitigate the attack. These alerts can be viewed in the Azure Portal under Security Center ->Threat Protection -> Security Alerts. The screenshot below shows an example of the DDoS attack alerts in Security Center.
There are two types of alerts that may be triggered:
- The DDoS attack detected for Public IP alert will be generated when a Public IP resource is the target of a DDoS attack and it has been detected by the DDoS Protection Service.
- The DDoS Attack Mitigated for Public IP alert will be generated when an attack has been mitigated for a Public IP resource that was under an attack.
The alerts will include general information about the attack / mitigation, geo & threat intelligence associated with the event and the remediations steps that were taken. While there are no specific actions required from the customer to get the benefit of these alerts, it is advised that the customers review the alerts and their details for informational purposes.