The previous article walked you through some basic steps to upload a Docker container’s vulnerability assessment result to a storage account for further review. Now you are asked to send an email notification to your team every time an assessment result is ready.
There are several ways to send email notifications in Azure. In this article, we are going to explore the Azure Logic App with some common built-in Actions and Triggers to send emails to the SecOps or DevOps team.
Previously I wrote an article to walk people through CI/CD Integration with Azure Security Center. I got a question about uploading a vulnerability assessment result to an Azure Storage Account.
In this article, let’s see how to do that with the Azure CLI GitHub Action.
If you work in a cyber-security field where DevOps is involved, you have probably heard about shift-left security. Shift-left security basically means moving security assessment or verification earlier in the development process so that you don’t waste time remediating security findings before the product or application is released to the production environment.
Specific to Azure, the new CI/CD integration to scan container images in Azure Security Center has come to my attention. In this article, let’s explore this feature and how to perform a PoC to demonstrate it to your team or customer. The article will also provide step-by-step guidance on how to complete the PoC.
Recently I was asked to help a colleague of mine with a policy named “Azure SQL Server auditing should be enabled”. He deployed an ARM template to enable auditing, but the deployment didn’t reflect the setting in the Azure Portal.
In this article, let’s look into the problem the colleague had. We will also modify the built-in policy to make it more useful.
Backup would be your last hope when attempting to recover your infrastructure after a cyber attack. Malware doesn’t only steal and exfiltrate data but also scans for and deletes your backups. The soft delete feature is designed to address this concern about data destruction.
In this article, let’s look into some aspects of the soft delete feature in Azure Backup.
There are two different policies in Azure Security Center/Azure Policy that scan virtual network resources and the DDoS protection plan. Your virtual network resources may fall into the list of non-compliant resources in one of these policies. In this article, let’s demystify the two policies and remediate or justify them in case you are asked by a compliance guy.
Watchlist in Azure Sentinel allows you to build your own data from external data sources for correlation with analytics or hunting rules in your Azure Sentinel environment.
In this article, we are going to explore the Azure Sentinel Watchlist REST API and then create an Azure Role Assignment watchlist.
By default, a newly created Azure storage account accepts connections from clients on any network. To limit that, Azure allows you to add a trusted list of virtual network subnets or IP ranges.
This article is not going to walk you through step-by-step guidance on how to add firewall rules to the Azure Storage account. Instead, it will mainly focus on deploying network restrictions programmatically in a DevOps environment.
Recently I got a question from a friend regarding the Azure Active Directory hybrid identity option. The question was part of his exam in AZ-500 Microsoft Azure Security Technologies.
In this article, I’d like to provide a bit of background on AAD hybrid identity as well as clarify something about it.
Giving unplanned roles to users or groups is one of the things that can lead to a security breach. In this article, let’s look at how we can use Azure Policy to prevent roles from being assigned to unintended users and groups.