Monthly Archives: December 2019

Extract all Azure Sentinel incidents

Posted on 12/16/2019 by azsec

I got asked by a few readers after reading this article if there was a way to extract all incidents in Azure Sentinel so they could conduct a report and send out to their managers. In this article, let’s see … Continue reading

Posted in Security Automation | Tagged , , | 5 Comments

Audit Azure Security Center in your tenant

Posted on 12/15/2019 by azsec

Part of Azure Security Center deployment plan in your organization you need to extract Azure Security Center in your tenant so you can determine whether you want to enable Standard tier for some resource types, as well as plan for … Continue reading

Posted in Security Automation | Tagged , | Leave a comment

Connect Azure Security Center to Azure Sentinel programatically

Posted on 12/14/2019 by azsec

Previously you knew how to integrate Azure Security Center to Azure Sentinel to make sure alerts are tracked as incidents in Azure Sentinel. Now you have decided to connect many Azure Security Center to your Azure Sentinel. This article is … Continue reading

Posted in Security Automation | Tagged , | 3 Comments

Working with Azure Security Center Alert from Azure Sentinel

Posted on 12/10/2019 by azsec

You wouldn’t want to jump over from Azure Security Center and Azure Sentinel to manage and operate security. We all know what they are and how they are used for which purpose. The ultimate goal would be to reduce effort … Continue reading

Posted in Azure Security Center | Tagged , | 7 Comments

Security Monitoring and Detection Tips for your Storage Account – Part 2

Posted on 12/09/2019 by azsec

The previous part of the series introduced you three different types of log that Azure Storage account provide. Each of them can be used for different purpose but can be correlated together for a single view. Understanding every piece of … Continue reading

Posted in Monitoring & Detection | Tagged , | 7 Comments

Security Monitoring and Detection Tips for your Storage Account – Part 1

Posted on 12/09/2019 by azsec

Capital One breach was one of the biggest data breaches in 2019 which affected over 100 million people. There was a compromised access key that was used to access to an S3 storage bucket (equivalent to Azure Storage Account) to … Continue reading

Posted in Monitoring & Detection | Tagged , | 6 Comments

Deploy a compliant Storage Account service

Posted on 12/08/2019 by azsec

What exactly would you need from a compliant service like Storage Account? We have seen number of data breaches in cloud when storage account storing sensitive data have been compromised within 2019. Those breaches really raised the serious attention to … Continue reading

Posted in Governance & Compliance | Tagged , , | 4 Comments

Audit Azure App Service in your tenant

Posted on 12/05/2019 by azsec

There are several ways to extract information of Azure App Service resources in your environment. You can use Resource Graph Explorer, Azure CLI, Azure PowerShell or Azure REST API. Depending on the information you would like to extract, the tool … Continue reading

Posted in Secure Development | Tagged , , | 2 Comments

VM Security Log to Event Hub for SIEM integration

Posted on 12/03/2019 by azsec

Streaming VM security log to Event Hub and add Event Hub to an Event Hub listener in SIEM is a common step in building SOC. Microsoft has separate articles for Windows and Linux where they give information on diagnostics agent … Continue reading

Posted in Security Operation | Tagged , | 4 Comments