Monthly Archives: December 2021

Acquire Access Token from Azure App Service (Linux) System-Assigned Managed Identity

I got a question from a friend last week about whether he should enable System-Assigned Managed Identity (SAMI) on an Azure App Service running on a Linux host. He also asked if his developer team could use that SAMI to do … Continue reading

Posted in Security Operation

Audit Azure Web App against NotLegit vulnerability

Have you seen the Wiz research "NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories"? According to their research, if your Azure App Service uses Local Git, your source code may have been compromised. As a … Continue reading

Posted in Governance & Compliance

Notes on Azure Policy Exemption

There are ways to exclude your resources from being evaluated by Azure Policy. You can add a condition in a policy rule set. You can also use exclusion from notScopes. In this article, let’s explore another feature in Azure Policy … Continue reading

Posted in Governance & Compliance

Bulk upload Log4Shell IoC to Microsoft Sentinel Threat Intelligence

Log4Shell is an emerging threat and its exploit is still in the wild. As a SecOps analyst, your job is to monitor your cloud assets and ensure that, if there is any communication with a known IoC, you take proper action. … Continue reading

Posted in Monitoring & Detection, Security Automation

Detect Azure VM with a Public IP associated

Last week a friend asked me if creating or updating a virtual machine with a public IP address associated was detectable. This is a very common requirement in cloud security monitoring. Having a workload (aka virtual machine) with … Continue reading

Posted in Monitoring & Detection, Security Automation

Detect NSG inbound rule updated to allow All

Network Security Group (NSG) is one of the most common features in Azure to help strengthen your network defense. It allows you to filter network traffic to and from Azure resources. Having NSG in place doesn’t always mean your network … Continue reading

Posted in Monitoring & Detection, Security Automation

Query vulnerable VMs against Log4Shell vulnerability in Azure

I was asked by people if Microsoft Defender for Cloud had any information related to the CVE-2021-44228 (Log4Shell) vulnerability, which is currently the hottest vulnerability. In this article, I would like to share a Resource Graph Query to … Continue reading

Posted in Security Automation

Play with Tag on Azure Subscriptions

Tagging is often part of your cloud governance. You’d use tags to manage cost per subscription. You’d use them to distinguish environment types (e.g. non-production, production, test, development…). In this article, let’s play with tags a bit. You will learn … Continue reading

Posted in Governance & Compliance

Use Azure Resource Graph to query Microsoft Defender for Cloud Plan on all subscriptions

As part of SOC work, you may want to get information about the Microsoft Defender for Cloud plan on each subscription so you can plan to roll out a Defender plan on any that doesn’t have one yet. While Azure PowerShell, REST … Continue reading

Posted in Governance & Compliance, Security Automation