Monthly Archives: March 2020

ARM template for Azure VM with Guest Configuration

I’ve recently got some questions related to Azure Policy Guest Configuration and an ARM template to deploy the prerequisites needed to work with the feature. In this article, I’d like to share an ARM template to deploy Azure Policy Guest Configuration …

Posted in Governance & Compliance

Quick look at new Azure Sentinel Incident API

I got some questions from people who worked with the Microsoft product team about the new incident API they were introduced. I took a glance at it and thought I would need to write something about it, especially wrote a new …

Posted in Security Automation

Quick notes in deploying Guest Configuration Extension on Azure VM

Azure Policy Guest Configuration allows you to audit configuration inside the host. It sounds very similar to Azure Automation Account Desired State Configuration (DSC). In fact, the concept is similar to DSC, but Azure Policy uses a dedicated agent called …

Posted in Security Automation

Guidance for CVE-2020-0796 SMBv3 Compression vulnerability patching on Azure VM

There are discussions around a new CVE, CVE-2020-0796, which Microsoft indicated is a remote code execution vulnerability found in the SMBv3.1.1 compression feature. There are questions from people working in Azure environments asking me what to do. The purpose of this …

Posted in Security Operation

Filter Azure Security Center alert name in Azure Sentinel incident rule

In the past we learnt how to connect Azure Security Center to Azure Sentinel so every alert generated from Azure Security Center can be an incident in Azure Sentinel. Not all alerts are true positives and sometimes you wouldn’t …

Posted in Security Operation