{"id":9668,"date":"2019-12-18T00:00:00","date_gmt":"2019-12-18T07:00:00","guid":{"rendered":"https:\/\/swimlane.com\/resource\/investigate-alerts-in-microsoft-azure\/"},"modified":"2026-04-06T04:47:46","modified_gmt":"2026-04-06T10:47:46","slug":"warnmeldungen-in-microsoft-azure-untersuchen","status":"publish","type":"sw_resource","link":"https:\/\/swimlane.com\/de\/blog\/investigate-alerts-in-microsoft-azure\/","title":{"rendered":"Wie man Warnmeldungen in Microsoft Azure mit SOAR untersucht"},"content":{"rendered":"\n\n\n<section class=\"bs-section bs-section-50ac0cc438dbf2f3b380783c05a3c736bb0670e7 bs-section---default bs-section--blog-inner-banner  \"><style>.bs-section.bs-section-50ac0cc438dbf2f3b380783c05a3c736bb0670e7{ background-color: #000743;} <\/style><div class=\"container\">\n<div class=\"bs-row row  flex-md-row-reverse bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-12 col-lg-6   bs-column-6770b3369b6c61539d3140cb52ed6bc5ec393625 bs-column---default bs-column--right d-flex flex-column justify-content-end    \"><figure class=\"wp-block-post-featured-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/Microsoft-Azure.png\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Soft white cloud against a clear, light gray sky, conveying openness, calm, and simplicity.\" style=\"object-fit:cover;\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/Microsoft-Azure.png 800w, https:\/\/swimlane.com\/wp-content\/uploads\/Microsoft-Azure-300x200.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/Microsoft-Azure-768x512.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure><\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-6   bs-column-2ba18c9b6304620af4785b54fe900bf0ce0fc4d5 bs-column---default d-flex flex-column    \"><div class=\"wp-block-post-date\"><time datetime=\"2019-12-18T00:00:00-07:00\">Dez. 
18, 2019<\/time><\/div>\n\n<h1 class=\"wp-block-post-title has-text-color has-white-color\">How to investigate alerts in Microsoft Azure with SOAR<\/h1>\n\n\n<div class=\"bs-div bs-div-44a15e4b99450b7aaf810333a0fbaa4ff5112133 bs-div---default\"><div class=\"bs-div__inner d-flex flex-wrap align-items-center    \">\n<a class=\"bs-post__author has-text-align-center\" href=\"https:\/\/swimlane.com\/de\/author\/Nick_Tausek\/\">\n\t<div class=\"profile-desc\">\n\t\t<figure>\n\t\t\t<img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/author_Nick_Tausek.jpg\" alt=\"user-avatar\">\n\t\t<\/figure>\n\t\t<span class=\"prefix\"><\/span>\n\t\t<span class=\"name\">\n\t\t\tNick Tausek\t\t<\/span>\n\t<\/div>\n<\/a>\n\n\n\n<div class=\"reading-time\">\n    <span class=\"reading-time__time\">4 <\/span> Minute Read\n<\/div><\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n\n\n\n\n\n\n<section class=\"bs-section bs-section-205a03f93391472c82564395e3b5684e68c8ef7d bs-section---default bs-section--blog-inner-main-contents  \"><div class=\"container\">\n<div class=\"bs-row row justify-content-between  bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-1   bs-column-fa02c15a19a9c2952663733986e45d4eef708638 bs-column---default     \"><div class=\"heateor_sss_sharing_container heateor_sss_horizontal_sharing\" data-heateor-ss-offset=\"0\" data-heateor-sss-href='https:\/\/swimlane.com\/de\/blog\/investigate-alerts-in-microsoft-azure\/'><div class=\"heateor_sss_sharing_ul\"><a aria-label=\"Email\" class=\"heateor_sss_email\" href=\"https:\/\/swimlane.com\/de\/blog\/investigate-alerts-in-microsoft-azure\/\" onclick=\"event.preventDefault();window.open('mailto:?subject=' + decodeURIComponent('How%20to%20investigate%20alerts%20in%20Microsoft%20Azure%20with%20SOAR').replace('&', '%26') + '&body=https%3A%2F%2Fswimlane.com%2Fde%2Fblog%2Finvestigate-alerts-in-microsoft-azure%2F', '_blank')\" title=\"Email\" rel=\"noopener\" 
class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_linkedin\" style=\"background-color:#0077b5;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path d=\"M6.227 12.61h4.19v13.48h-4.19V12.61zm2.095-6.7a2.43 2.43 0 0 1 0 4.86c-1.344 0-2.428-1.09-2.428-2.43s1.084-2.43 2.428-2.43m4.72 6.7h4.02v1.84h.058c.56-1.058 1.927-2.176 3.965-2.176 4.238 0 5.02 2.792 5.02 6.42v7.395h-4.183v-6.56c0-1.564-.03-3.574-2.178-3.574-2.18 0-2.514 1.7-2.514 3.46v6.668h-4.187V12.61z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><\/div><div class=\"heateorSssClear\"><\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-lg-8 col-md-11   bs-column-0d83d6d9863f92131cc95492d42e5b50c72f00bb bs-column---default bs-column--contents     \">\n<h2 class=\"wp-block-heading\">&nbsp;<\/h2>\n\n\n\n<p>Alerts or detections come in many forms\u2014some are true positives and some are false positives\u2014and security operations center (SOC) analysts are responsible for the initial investigation into these anomalies. What\u2019s more, when it comes to cloud-based resources, we may not have the luxury of logging everything that happens on a host operating system, so the initial investigation often has to lean on the telemetry and control-plane data the cloud provider exposes.<\/p>\n\n\n\n<p>Microsoft Azure helps provide quite a bit of data to assist with the initial investigation, as well as some initial response actions. If you are a tier-one or -two analyst, you probably don\u2019t have the ability to perform a full investigation, which is typically completed by your incident response or digital forensics team. 
With this in mind, I would like to introduce Swimlane\u2019s new Microsoft Azure Use Case for just this situation.<\/p>\n\n\n\n<p><em>You can also check out our recent webinar \u201c<\/em><em>How to Expedite Security Investigations with Microsoft Azure and Swimlane<\/em><em>.\u201d <\/em><\/p>\n\n\n\n<figure class=\"wp-block-image c-figure--inline\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Investigate-alerts-in-Microsoft-Azure_1.png\" alt=\"Azure integration in Swimlane\"\/><figcaption class=\"wp-element-caption\">An initial alert was received regarding an unknown outbound request being made on a host.<\/figcaption><\/figure>\n\n\n\n<p>When an alert is received within our application, we should first gather information about the host system. In this example, we are using Microsoft Azure Compute VMs (virtual machines).<\/p>\n\n\n\n<p>Viewing the record within Swimlane allows you to see the alert source and alert type quickly. Additionally, you can review the high-level details of the impacted system.<\/p>\n\n\n\n<p>If we view the <em>VM Details<\/em> tab, we can see more information about this system. This information is what you need before you start working in Azure, and it gives you context for the type of system you need to investigate.<\/p>\n\n\n\n<figure class=\"wp-block-image c-figure--inline\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Investigate-alerts-in-Microsoft-Azure_2.png\" alt=\"Additional Azure integration in Swimlane platform\"\/><figcaption class=\"wp-element-caption\">An analyst can view critical details about our VM hosted within Azure.<\/figcaption><\/figure>\n\n\n\n<p>Once you are familiar with the impacted resource, you can begin initial research about the system. When you select the <em>In Research<\/em> tab in our investigation phase widget, a new tab will be displayed next to <em>VM Details<\/em> called <em>Research<\/em>. 
Simultaneously, part of our defined workflow will begin to gather critical information about this system\u2019s behavior and its network topology (more on this soon).<\/p>\n\n\n\n<p>Swimlane will immediately begin gathering metrics about the system and generate visual graphs, which are uploaded to this record. You can then use these graphs to review and analyze the behavior of the VM.<\/p>\n\n\n\n<figure class=\"wp-block-image c-figure--inline\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Investigate-alerts-in-Microsoft-Azure_3.png\" alt=\"Graphic representation of Azure in Swimlane\"\/><figcaption class=\"wp-element-caption\">CPU Percentage metrics for the past 24 hours.<\/figcaption><\/figure>\n\n\n\n<p>By using Swimlane and Python, you can get detailed metrics about a virtual machine such as the <em>Percentage of CPU<\/em>, <em>Disk Read Operations per second, Inbound Network Flow, <\/em>and<em> Outbound Network Flow.<\/em> Since the original alert concerned an unknown outbound request, the <em>Outbound Network Flow<\/em> metric is the first one to compare against the host\u2019s normal baseline.<\/p>\n\n\n\n<p>Additionally, Swimlane can generate a network topology map, allowing you to know exactly where the virtual machine resides and what other systems may reside within its subnet. In the screenshot below, you can see the Network Security Group (NSG) this virtual machine resides in (top node) and then any subnets associated with this NSG. All systems are seen under that subnet with the target (focused) system highlighted in red. Because these neighbors share a subnet with the suspect host, they are the most likely targets for lateral movement and are worth checking first if the alert turns out to be a true positive.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Investigate-alerts-in-Microsoft-Azure_4.png\" alt=\"Workflow with Azure in Swimlane\"\/><\/figure>\n\n\n\n<p>Finally, within the <em>research<\/em> section of this application, you can run PowerShell on the remote virtual machine using Azure <a href=\"https:\/\/swimlane.com\/blog\/understanding-apis-rest\/\">REST APIs<\/a>. 
The <a href=\"https:\/\/docs.microsoft.com\/en-us\/rest\/api\/compute\/virtualmachineruncommands\" target=\"_blank\" rel=\"noopener\">Azure Run Command REST API<\/a>, which executes scripts on the VM through the Azure guest agent, ships with a set of built-in scripts that you can run on a system. These commands are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>EnableRemotePS<\/li>\n\n\n\n<li>EnableAdminAccount<\/li>\n\n\n\n<li>IPConfig<\/li>\n\n\n\n<li>RDPSettings<\/li>\n\n\n\n<li>ResetRDPCert<\/li>\n\n\n\n<li>SetRDPPort<\/li>\n<\/ul>\n\n\n\n<p>You can upload your own PowerShell script and run this using the Azure REST APIs as well!<\/p>\n\n\n\n<p>Treat Run Command as a privileged response action rather than a passive lookup. Of the built-in scripts, only <em>IPConfig<\/em> is purely informational; the ones that enable remote PowerShell, enable the local Administrator account or change RDP settings alter the security posture of a host you do not yet fully trust, and any script you run executes with high privilege on that host and can modify the very evidence you are trying to collect. Restrict the Run Command permission to the identities that genuinely need it, leave the posture-changing scripts to your incident response team, and keep in mind that each Run Command operation is recorded in the Azure Activity Log, so it is auditable after the fact.<\/p>\n\n\n\n<p>Once you have finished your research, you may choose to close out the alert or move on to the <em>Handling<\/em> phase. This phase supports a range of actions, including creating a new Azure Monitor alert and creating a new Azure Security Contact associated with it. We have also added the capability of starting and stopping a packet capture.<\/p>\n\n\n\n<figure class=\"wp-block-image c-figure--inline\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Investigate-alerts-in-Microsoft-Azure_5.png\" alt=\"Playbook for Microsoft Azure in Swimlane\"\/><figcaption class=\"wp-element-caption\">You can start a packet capture for this virtual machine and once complete attach it to this Swimlane record<\/figcaption><\/figure>\n\n\n\n<p>If you have been granted the appropriate rights, you can start and stop a packet capture, and you can also set a duration so that the capture stops automatically. Bear in mind that a capture file can contain unencrypted application data and credentials, so wherever the capture is written, and the Swimlane record it is attached to, should be access-controlled accordingly. 
We have also added the capability of sending a notification via email (but you could integrate with other services like Slack) to the intended recipient when the capture has completed and been uploaded to the Swimlane record.<\/p>\n\n\n\n<p>If you have reviewed the packet capture, whether through an API or with Wireshark (or a similar tool), and have determined that the host should be isolated before escalating to a more experienced analyst, you can do so on the next tab under the <em>Isolation<\/em> section. Where possible, isolate at the network layer (for example by tightening the VM\u2019s network security group rules) rather than stopping or deallocating the VM, so that the running system and its volatile state remain available to the forensics team.<\/p>\n\n\n\n<p>We also support querying Azure Monitor using KQL (Kusto Query Language). You can add default\/template queries here or paste another query into this field and run it against Azure Monitor. The query runs under the identity the integration authenticates with, so give that identity read-only access scoped to the workspaces analysts actually need. Once the query is complete, you should see the returned results in our KQL Results widget:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Investigate-alerts-in-Microsoft-Azure_6.png\" alt=\"Log display for Azure in Swimlane\"\/><\/figure>\n\n\n\n<p>Finally, if you have determined that you need to escalate the alert, you can select the <em>Escalate<\/em> tab and broadcast a notification to multiple different destinations (depending on your organization\u2019s use of tools).<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Investigate-alerts-in-Microsoft-Azure_7.png\" alt=\"Playbook icons in Azure workflow in Swimlane.\"\/><\/figure>\n\n\n\n<p>That\u2019s it! I hope you enjoy our new use case with Microsoft Azure. 
<a href=\"https:\/\/swimlane.com\/resources\/webinar-expedite-security-investigations-microsoft-azure\/\">And if you haven\u2019t caught our webinar yet, check it out!<\/a><\/p>\n\n\n\n<div class=\"bs-div bs-div-8c78f29fae91579db42fc3c3b4ece2dddbd5c4fe bs-div---default bs-div--blog-inner-download-guide\"><style>.bs-div.bs-div-8c78f29fae91579db42fc3c3b4ece2dddbd5c4fe {background-image: url(https:\/\/swimlane.com\/wp-content\/uploads\/2022\/10\/download-report.png); background-position: center center;\n    background-size: cover;} <\/style><div class=\"bs-div__inner d-flex flex-wrap justify-content-center  flex-md-row-reverse align-items-md-center justify-content-md-between flex-md-nowrap  \">\n<div class=\"bs-div bs-div-773aef0a3852274bc6b23f7985e05efd194e399e bs-div---default\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading has-white-color has-text-color\" id=\"h-webinar-how-to-expedite-security-investigations-with-microsoft-azure-and-swimlane\">Webinar: How to expedite security investigations with Microsoft Azure and Swimlane<\/h2>\n\n\n\n<p class=\"has-white-color has-text-color\">During this on-demand webinar, Security Research Engineer Josh Rickard and SOAR Evangelist Jay Spann will show you how Swimlane\u2019s security orchestration, automation and response (SOAR) platform can help facilitate the investigation of alerts impacting your Microsoft Azure infrastructure.<\/p>\n\n\n\n<span class=\"bs-pro-button bs-pro-button---default bs-pro-button--primary-with-arrow-small bs-pro-button-p-btn-a7e3808d2ba8a751b681855f60a1979d855ba8ca\"><style>.bs-pro-button-p-btn-a7e3808d2ba8a751b681855f60a1979d855ba8ca .bs-pro-button__container {background-color: #abb8c3; color: #000000;}<\/style><a href=\"https:\/\/swimlane.com\/resources\/webinar-expedite-security-investigations-microsoft-azure\/\" target=\"\" rel=\"noopener noreferrer\" class=\"bs-pro-button__container\">Watch Now<\/a><\/span>\n<\/div><\/div>\n<\/div><\/div>\n<\/div>\n\n\n\n<div class=\" 
\n<\/script>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":22,"featured_media":9669,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"Fluffy white clouds in an azure sky","learn_more_type":"","learn_more_link":[],"show_popup":false,"disable_iframe":false,"enable_lazy_loading":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","featured_page_list":[],"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"tags":[89],"resource-type":[67],"resource-topic":[],"resource-industry":[],"blog-category":[74],"class_list":["post-9668","sw_resource","type-sw_resource","status-publish","has-post-thumbnail","hentry","tag-soar","resource-type-blogs","blog-category-integrations"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.5 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Investigate alerts in Microsoft Azure with SOAR<\/title>\n<meta name=\"description\" content=\"How to investigate alerts in Microsoft Azure with SOAR in order to automate your response and monitor vigilently.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swimlane.com\/de\/blog\/warnmeldungen-in-microsoft-azure-untersuchen\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" 
content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to investigate alerts in Microsoft Azure with SOAR\" \/>\n<meta property=\"og:description\" content=\"How to investigate alerts in Microsoft Azure with SOAR in order to automate your response and monitor vigilently.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swimlane.com\/de\/blog\/warnmeldungen-in-microsoft-azure-untersuchen\/\" \/>\n<meta property=\"og:site_name\" content=\"AI Security Automation\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-06T10:47:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/Microsoft-Azure.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"533\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@swimlane\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"6\u00a0Minuten\" \/>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Untersuchen Sie Warnmeldungen in Microsoft Azure mit SOAR","description":"Wie Sie Warnmeldungen in Microsoft Azure mit SOAR untersuchen, um Ihre Reaktion zu automatisieren und eine sorgf\u00e4ltige \u00dcberwachung zu gew\u00e4hrleisten.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swimlane.com\/de\/blog\/warnmeldungen-in-microsoft-azure-untersuchen\/","og_locale":"de_DE","og_type":"article","og_title":"How to investigate alerts in Microsoft Azure with SOAR","og_description":"How to investigate alerts in Microsoft Azure with SOAR in order to automate your response and monitor vigilently.","og_url":"https:\/\/swimlane.com\/de\/blog\/warnmeldungen-in-microsoft-azure-untersuchen\/","og_site_name":"AI Security Automation","article_modified_time":"2026-04-06T10:47:46+00:00","og_image":[{"width":800,"height":533,"url":"https:\/\/swimlane.com\/wp-content\/uploads\/Microsoft-Azure.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@swimlane","twitter_misc":{"Est. 
reading time":"6\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swimlane.com\/de\/blog\/investigate-alerts-in-microsoft-azure\/","url":"https:\/\/swimlane.com\/de\/blog\/investigate-alerts-in-microsoft-azure\/","name":"Untersuchen Sie Warnmeldungen in Microsoft Azure mit SOAR","isPartOf":{"@id":"https:\/\/swimlane.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/swimlane.com\/de\/blog\/investigate-alerts-in-microsoft-azure\/#primaryimage"},"image":{"@id":"https:\/\/swimlane.com\/de\/blog\/investigate-alerts-in-microsoft-azure\/#primaryimage"},"thumbnailUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/Microsoft-Azure.png","datePublished":"2019-12-18T07:00:00+00:00","dateModified":"2026-04-06T10:47:46+00:00","description":"Wie Sie Warnmeldungen in Microsoft Azure mit SOAR untersuchen, um Ihre Reaktion zu automatisieren und eine sorgf\u00e4ltige \u00dcberwachung zu gew\u00e4hrleisten.","breadcrumb":{"@id":"https:\/\/swimlane.com\/de\/blog\/investigate-alerts-in-microsoft-azure\/#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swimlane.com\/de\/blog\/investigate-alerts-in-microsoft-azure\/"]}]},{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/swimlane.com\/de\/blog\/investigate-alerts-in-microsoft-azure\/#primaryimage","url":"https:\/\/swimlane.com\/wp-content\/uploads\/Microsoft-Azure.png","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/Microsoft-Azure.png","width":800,"height":533,"caption":"Soft white cloud against a clear, light gray sky, conveying openness, calm, and simplicity."},{"@type":"BreadcrumbList","@id":"https:\/\/swimlane.com\/de\/blog\/investigate-alerts-in-microsoft-azure\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swimlane.com\/"},{"@type":"ListItem","position":2,"name":"How to investigate alerts in Microsoft Azure with 
SOAR"}]},{"@type":"WebSite","@id":"https:\/\/swimlane.com\/de\/#website","url":"https:\/\/swimlane.com\/de\/","name":"Low-Code Sicherheitsautomatisierung &amp; SOAR-Plattform | Swimlane","description":"Agentische KI-Automatisierung f\u00fcr jede Sicherheitsfunktion","publisher":{"@id":"https:\/\/swimlane.com\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swimlane.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/swimlane.com\/de\/#organization","name":"Low-Code Sicherheitsautomatisierung &amp; SOAR-Plattform | Swimlane","url":"https:\/\/swimlane.com\/de\/","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/swimlane.com\/de\/#\/schema\/logo\/image\/","url":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","width":912,"height":190,"caption":"Low-Code Security Automation & SOAR Platform | 
Swimlane"},"image":{"@id":"https:\/\/swimlane.com\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/swimlane","https:\/\/www.linkedin.com\/company\/swimlane\/"]}]}},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/sw_resource\/9668","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/sw_resource"}],"about":[{"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/types\/sw_resource"}],"author":[{"embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/users\/22"}],"version-history":[{"count":1,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/sw_resource\/9668\/revisions"}],"predecessor-version":[{"id":55533,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/sw_resource\/9668\/revisions\/55533"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/media\/9669"}],"wp:attachment":[{"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/media?parent=9668"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/tags?post=9668"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/resource-type?post=9668"},{"taxonomy":"resource-topic","embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/resource-topic?post=9668"},{"taxonomy":"resource-industry","embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/resource-industry?post=9668"},{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/swimlane.com\/de\/wp-json\/wp\/v2\/blog-category?post=9668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}