Investigating a compromised system in a hybrid cloud
For this hybrid scenario, the compromised system is located on-premises and the company has a cloud-based monitoring system, which for the purpose of this example will be Azure Security Center. To show how a hybrid cloud scenario can be similar to an on-premises online scenario, we will use the same case that was used before. Again, a user received a phishing email, clicked on the hyperlink, and got compromised. The difference now is that there is an active sensor monitoring the system that will trigger an alert to SecOps, and the user will be contacted. Users no longer need to wait days to realize they were compromised; the response is faster and more accurate.
The SecOps engineer has access to the Security Center dashboard and, when an alert is created, it shows the NEW flag beside the alert name. The SecOps engineer also notices that a new security incident has been created, as shown in the following screenshot:
...