Category Archives: Azure Security Center

Enable Microsoft Defender ATP integration in Azure Security Center programmatically

Posted on 01/30/2020 by azsec

If you have worked with Azure Security Center and Microsoft Defender ATP (Advanced Threat Protection) you may know a setting in Azure Security Center called Threat Detection where you can allow Microsoft Cloud App Security (MCAS) or Microsoft Defender ATP … Continue reading →

Threat Detection for Key Vault in Azure Security Center

Posted on 01/28/2020 by azsec

From this article you may realize that you can enable Key Vault pricing tier in Azure Security Center. However you wouldn’t see it from Azure Portal UI. Microsoft recently released Threat Detection for Azure Key Vault in Azure Security Center … Continue reading →

Posted in Azure Security Center | Tagged azure key vault threat detection, azure security center key vault | Leave a comment

Query Azure Security Security Recommendation by different ways

Posted on 01/24/2020 by azsec

If you work with Azure Security Center you probably know about Azure Security Center Recommendation that periodically analyzes security state of Azure resources. In the past Azure Security Center Recommendation was executed by private Azure back-end service internally. Microsoft then … Continue reading →

Posted in Azure Security Center, Governance & Compliance | Tagged azure resource graph, azure security center recommendation, kusto query language | Leave a comment

Azure Security Center ARM Template

Posted on 12/30/2019 by azsec

I got a question from a reader asking if there is any ARM template for Azure Security Center and what are common use cases for such an ARM template. In this article, let’s explore the ARM template for Azure Security … Continue reading →

Posted in Azure Security Center, Security Automation | Tagged azure security center arm template | 4 Comments

Working with Azure Security Center Alert from Azure Sentinel

Posted on 12/10/2019 by azsec

You wouldn’t want to jump over from Azure Security Center and Azure Sentinel to manage and operate security. We all know what they are and how they are used for which purpose. The ultimate goal would be to reduce effort … Continue reading →

Posted in Azure Security Center | Tagged azure security center, azure sentinel | 7 Comments

Simulate alerts to be caught by ASC

Posted on 12/02/2019 by azsec

I got a question from my friend about how to safely create alerts in order to test Azure Security Center. He wanted to test several automation capabilities such as Azure Sentinel, ASC playbook with Logic App or any form of … Continue reading →

Posted in Azure Security Center | Tagged asc alert creation, azure security center | 7 Comments

Work with Azure Security Center alert in Log Analytics

Posted on 11/29/2019 by azsec

Azure Security Center allows you to specify a Log Analytics (LA) workspace to collect data. As far as I know there are two data types that are fed to the configured workspace: SecurityAlert and SecurityEvent. Microsoft recently introduced a Continuous Export … Continue reading →

Posted in Azure Security Center | Tagged azure log analytics, azure security center, kusto query language | 4 Comments

A bit about ASC Alert in Log Analytics workspace

Posted on 11/24/2019 by azsec

Microsoft introduced Continuous Export in Azure Security Center allowing you to export security recommendation and alert to a Log Analytics workspace. You might wonder if data structure in alert is different from the data which is collected from configuring ASC data collection. … Continue reading →

Posted in Azure Security Center | Tagged azure security center. azure log analytics | 4 Comments

What is securitydata resource group in Microsoft Azure?

Posted on 04/14/2017 by azsec

If you happen to see a strange securitydata resource group in your Azure subscription, you would be pretty much surprised what the heck it is. You would be angry on someone in your cloud team if the Azure subscription is shared … Continue reading →

Posted in Azure Security Center | Leave a comment