Category Archives: Azure Security Center
Everything you need to know about Azure Security Center Alert Suppression
Different environments may have special configurations that trigger alerts, and those false-positive alerts keep annoying the SecOps team. One of the features that SecOps guys working on Azure Security Center wish to have is the ability to automatically …
Enable Microsoft Defender ATP integration in Azure Security Center programmatically
If you have worked with Azure Security Center and Microsoft Defender ATP (Advanced Threat Protection), you may know a setting in Azure Security Center called Threat Detection where you can allow Microsoft Cloud App Security (MCAS) or Microsoft Defender ATP …
Threat Detection for Key Vault in Azure Security Center
From this article you may realize that you can enable the Key Vault pricing tier in Azure Security Center. However, you wouldn’t see it in the Azure Portal UI. Microsoft recently released Threat Detection for Azure Key Vault in Azure Security Center …
Query Azure Security Security Recommendation by different ways
If you work with Azure Security Center, you probably know about Azure Security Center Recommendation, which periodically analyzes the security state of Azure resources. In the past, Azure Security Center Recommendation was executed internally by a private Azure back-end service. Microsoft then …
Azure Security Center ARM Template
I got a question from a reader asking if there is any ARM template for Azure Security Center and what the common use cases for such an ARM template are. In this article, let’s explore the ARM template for Azure Security …
Working with Azure Security Center Alert from Azure Sentinel
You wouldn’t want to jump back and forth between Azure Security Center and Azure Sentinel to manage and operate security. We all know what they are and what each is used for. The ultimate goal would be to reduce effort …
Simulate alerts to be caught by ASC
I got a question from my friend about how to safely create alerts in order to test Azure Security Center. He wanted to test several automation capabilities such as Azure Sentinel, ASC playbook with Logic App or any form of …
Work with Azure Security Center alert in Log Analytics
Azure Security Center allows you to specify a Log Analytics (LA) workspace to collect data. As far as I know, there are two data types that are fed to the configured workspace: SecurityAlert and SecurityEvent. Microsoft recently introduced a Continuous Export …
A bit about ASC Alert in Log Analytics workspace
Microsoft introduced Continuous Export in Azure Security Center, allowing you to export security recommendations and alerts to a Log Analytics workspace. You might wonder whether the data structure of an alert is different from the data collected by configuring ASC data collection. …
What is securitydata resource group in Microsoft Azure?
If you happen to see a strange securitydata resource group in your Azure subscription, you would be pretty surprised and wonder what the heck it is. You would be angry at someone in your cloud team if the Azure subscription is shared …