Monthly Archives: January 2020
Enable Microsoft Defender ATP integration in Azure Security Center programmatically
If you have worked with Azure Security Center and Microsoft Defender ATP (Advanced Threat Protection), you may know a setting in Azure Security Center called Threat Detection where you can allow Microsoft Cloud App Security (MCAS) or Microsoft Defender ATP …
Threat Detection for Key Vault in Azure Security Center
From this article you may realize that you can enable the Key Vault pricing tier in Azure Security Center. However, you wouldn't see it in the Azure Portal UI. Microsoft recently released Threat Detection for Azure Key Vault in Azure Security Center …
Query Azure Security Recommendation in different ways
If you work with Azure Security Center, you probably know about Azure Security Center Recommendation, which periodically analyzes the security state of Azure resources. In the past, Azure Security Center Recommendation was executed internally by a private Azure back-end service. Microsoft then …
Update Azure Sentinel incident programmatically
There may be a case where you want to update Azure Sentinel incidents, namely their label or assignment. For example, you would like all brute-force attack related incidents to have the label brute-force and to be assigned to a specific person/team that …
What Blue Team needs to know about Run Script feature in Azure
Run Script is a great feature that helps cloud system admins perform command or script execution on a target virtual machine without RDP or setting up PsRemote, which may not be allowed in your organization. Nonetheless, Run Script also allows bad …
Parse ExtendedProperty in Azure Sentinel alert for Logic App use
I got a few questions from readers about processing data in ExtendedProperties in alert data. They didn't want to send the full JSON. Instead, they wanted to extract pieces of information from helpful fields like ExtendedProperties to compose a …
Notify Azure Sentinel alert to your email automatically
Currently there is no built-in functionality that notifies you via email when an incident is generated in Azure Sentinel. Checking Azure Sentinel every time wouldn't be ideal, while working with email is simply a habit. …
Guidance for CVE Crypto and RDG vulnerability patching on Azure VM
There is a lot of buzz these days around the most recent Microsoft Patch Tuesday, January 2020. Critical vulnerabilities were found in core Windows crypto functionality as well as in Remote Desktop Gateway (RDG). While the crypto related vulnerability …
Posted in Security Automation
Tagged azure dsc, azure security audit, cve-2020-0601 azure
12 Comments
Enable storage account analytics logging on all storage accounts
Storage Analytics logging allows you to track operation activity at the blob level (e.g. download, upload…). You might want to enable it on all storage accounts so you can acquire logs that support security incident investigation. This article …
Get all comments in an Azure Sentinel incident programmatically
For any kind of report, you may want to get all comments in an Azure Sentinel incident in order to archive them as a forensic or incident artifact in an incident case before it is closed. Even comments in Azure Sentinel are …