Monthly Archives: November 2021
Quickly test Microsoft Sentinel REST API
There are several ways to test the Microsoft Sentinel REST API with the GET method. You can test directly (via the Try It button) on the REST API docs page. Postman is another option. I have developed a simple PowerShell script to help …
Create an alert with custom entity mapping using Microsoft Sentinel REST API
As you may know, the latest stable Microsoft Sentinel Alert API version 2020-01-01 doesn’t allow you to create an analytics rule in which you can add custom entity mapping, custom details or incident grouping configuration. It isn’t too helpful for …
Migrate alert rules to another Azure Sentinel in the same tenant
In a large deployment, having a non-production environment to test Microsoft Sentinel analytics rules is recommended. When everything is ready, you will need to copy your rules over to the production environment. This article provides a script to …
Azure Sentinel Threat Intelligence API
Microsoft Sentinel (formerly Azure Sentinel) has a feature that allows you to create and manage custom Threat Intelligence (TI) indicators (also known as IoCs, Indicators of Compromise). There have been requests from avid readers asking AzSec to write something about Microsoft …
Count number of VMs & VMSS by OS type with Resource Graph Explorer
As part of SOC work you may want to check the number of VMs or VM Scale Sets in your Azure environment by Operating System type so you can report to the InfoSec leader. Moreover, that helps plan security patching better. This …
Trigger an on-demand Azure Policy evaluation scan at Management Group scope
If you work with Azure Policy you probably know about the on-demand Azure Policy evaluation scan that Azure allows you to trigger. Currently, you can only trigger the compliance evaluation at your current subscription context or for a resource …
Get Vulnerability Assessment Setting of Azure SQL Server in tenant with PowerShell
Enabling and configuring the vulnerability assessment (VA) feature on Azure SQL Server is needed in an environment where security and compliance are strictly followed. Now you are asked by the InfoSec leader to provide the status of the VA configuration on all of …
Deploy Microsoft Defender for Servers via VM ARM template
Microsoft Defender for Servers offers a capability for Azure VMs to help detect threats and add additional defense. Currently it is supported on both Windows and Linux. In this article, let’s quickly check if we can deploy the …
Laterally move by abusing Log Analytics Agent and Automation Hybrid worker
Azure Automation Hybrid worker is used to manage Azure resources in a local environment where compliant connectivity is needed. Normally a hybrid worker needs a certificate installed on it so it can be authorized by Azure AD before it can perform …
Posted in Monitoring & Detection, Security Operation
Tagged abuse Azure agent, azure laterally move
Harvest credential from Custom Script Extension on Azure VM
Custom Script Extension is one of the most commonly used extensions for Azure virtual machine deployment. This extension allows you to execute a bootstrapping script during VM deployment to perform additional tasks. Those tasks may include Domain Controller on-boarding …
Posted in Monitoring & Detection
Tagged azure custom script extension, harvest credential