Tom Janetscheck edited this page Apr 13, 2021 · 17 revisions

Welcome, Azure Security enthusiasts!

Security rocks, community rocks, so join the Azure Security Center community!


What is the Azure Security Center community?

Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises. Azure Security Center provides APIs that can be used through Azure CLI, PowerShell, and REST commands, as well as a platform for different automation artifacts, such as policies and automated workflows. These contributions enhance the Azure Security experience with governance and remediation at scale. The ASC Community is centrally integrated in the ASC Portal.

The Azure Security Center GitHub community provides a forum for community members to join in and submit their own contributions via GitHub Pull Requests, or new contribution ideas as GitHub Issues. A contribution can be based on your own idea of the value it provides to enterprises, it can be an artifact derived from our GitHub open issues list, or it can be an enhancement to an existing contribution. Please refer to the Get Started section to start contributing to our community.

Support

All automations within this repository are provided as is, without SLA or official support. However, if you have an issue please fill out a bug report and the community will try to solve it.

Make sure to track all changes

You can be informed about changes by following our GitHub repository. To do so, click the Watch button in the upper-right corner and select which changes you want to be informed about.


Roll up 'em sleeves and let's get started!

This section covers all aspects about what and how to contribute to the Azure Security Center GitHub Community. This project welcomes contributions and suggestions. However, most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

What to contribute

We encourage you to contribute any artifact that enhances end-to-end customer experience in Azure Security Center. This includes, but is not limited to, LogicApp Playbooks, ARM Templates, Azure Policy Definitions, Azure Resource Graph queries, PowerShell scripts, and other kinds of automation artifacts that help to enhance the overall ASC experience.

| Contribution | Purpose | Get Started |
| --- | --- | --- |
| Remediation scripts | Remediation at scale. These artifacts help to remediate security recommendations within Azure Security Center. | Create Azure LogicApps; Remediation scripts on GitHub |
| Custom (Security) Policies | Governance at scale, custom settings, auto-deployments. With custom security policies, customers can tune their ASC environment according to their needs. With DINE (Deploy if not exists) and Deny Policies, customers can make sure that new resources are deployed secure by default. | Azure Policy documentation; Example policies on GitHub; How to create custom security policies |
| Workflow automation | Auto-reaction on different trigger types, such as recurrence, security recommendations, or threat alerts. | Create Azure LogicApps; Workflow automation on GitHub |

Artifacts in our GitHub repository are meant to be used in any customer's environment. To make them easy to deploy, we ask you to adhere to the following guidelines:

  1. Make sure to include a readme.md that explains what your artifact will do.
  2. If your artifact is an Azure Resource (e.g. a LogicApp), please provide an ARM template that can be deployed with a click on the Deploy to Azure button in the respective project folder (not clickable here!). Make sure to include the button as a clickable link to the deployment in your readme.md.
    Example link: https://portal.azure.com/#create/Microsoft.Template/uri/pathToRawGitHubTemplateFile
  3. Please make sure your template is generalized, which means that environment-specific information, such as resource group names, locations, storage account names, or subscription IDs should either be provided by the customer, or dynamically generated during the deployment.
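
A pre-submission check for guidelines 2 and 3, given here as an added example that is not part of the repository or its validation pipeline: it flags literal locations, literal storage account names and embedded subscription IDs in a template, and builds the Deploy to Azure link with the raw file URL encoded. The sample template, the function names and the example-org URL are constructed for illustration.

```python
import json
import re
from urllib.parse import quote

PORTAL_PREFIX = "https://portal.azure.com/#create/Microsoft.Template/uri/"
SUB_PATH = re.compile(
    r"/subscriptions/[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def is_expression(value):
    """ARM expressions are strings in [ ... ]; a leading '[[' escapes a literal."""
    return (isinstance(value, str) and value.startswith("[")
            and value.endswith("]") and not value.startswith("[["))

def find_hardcoded(template):
    """List environment-specific literals in a parsed template (top-level resources)."""
    findings = []
    for i, res in enumerate(template.get("resources", [])):
        keys = ["location"]
        if res.get("type") == "Microsoft.Storage/storageAccounts":
            keys.append("name")  # storage account names are globally unique
        for key in keys:
            value = res.get(key)
            if value is not None and not is_expression(value):
                findings.append(f"resources[{i}].{key} is a literal: {value!r}")
    # Subscription IDs hide in connection IDs and scopes, so scan the whole document.
    for match in SUB_PATH.finditer(json.dumps(template)):
        findings.append(f"hard-coded subscription path: {match.group(0)}")
    return findings

def deploy_link(raw_template_url):
    """Build the Deploy to Azure link; the raw file URL is fully URL-encoded."""
    return PORTAL_PREFIX + quote(raw_template_url, safe="")

# Constructed sample template, not taken from the repository.
SAMPLE = {
    "contentVersion": "1.0.0.0",
    "parameters": {"logicAppName": {"type": "string"}},
    "resources": [
        {"type": "Microsoft.Logic/workflows",
         "name": "[parameters('logicAppName')]", "location": "westeurope",
         "properties": {"connectionId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"}},
        {"type": "Microsoft.Storage/storageAccounts",
         "name": "examplestorage01", "location": "[resourceGroup().location]"},
    ],
}

if __name__ == "__main__":
    for finding in find_hardcoded(SAMPLE):
        print("FAIL:", finding)
    print(deploy_link("https://raw.githubusercontent.com/example-org/example-repo/main/azuredeploy.json"))
```

Nested child resources and linked templates are not walked by this check; only the subscription scan covers the whole document.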

About content quality

Functionally validate whether your contribution works by deploying it to Azure and trying it out in Azure Security Center. The respective product documentation linked above will provide information on how your contribution can be consumed in Azure Sentinel. Besides this, at the time of submitting your Pull Request, automatic GitHub validations using Azure Pipelines are enabled on this repository for basic syntactical checks of the contributions. Follow the test guidance to add any additional tests needed to validate specific scenarios for your contributions.

How to contribute

After you have developed and tested that your contribution works as expected, please follow the general contribution guidelines for the Azure Security Center GitHub repository to open a Pull Request and submit your contribution. We will review your submission before merging your PR within 7 days.


Resources

We value your feedback and want to make this community as engaging as possible. Therefore, here are some channels to help surface your questions or feedback:

| What you are looking for | What you can do/Where you can go |
| --- | --- |
| General product specific Q&A | Join in our Azure Security Center TechCommunity conversations |
| Product specific feature requests | Upvote or post new on Azure Security Center UserVoice |
| Product specific bugs | File an Azure Security Center support ticket |
| Report content you'd like to see in this repo | File a new GitHub Issue using our Feature Request Template |
| Report content bugs for content in this repo / contribution bugs | File a new GitHub Issue using our Bug template |

We can also connect on the following social media channels: