Category Archives: Azure Security Center

Everything you need to know about Azure Security Center Alert Suppression

Different environments may have special configurations that trigger alerts, and those false positive alerts keep annoying the SecOps team. One of the features that SecOps engineers working on Azure Security Center wish to have is the ability to automatically …

Posted in Azure Security Center

Enable Microsoft Defender ATP integration in Azure Security Center programmatically

If you have worked with Azure Security Center and Microsoft Defender ATP (Advanced Threat Protection), you may know a setting in Azure Security Center called Threat Detection where you can allow Microsoft Cloud App Security (MCAS) or Microsoft Defender ATP …

Posted in Azure Security Center, Security Automation

Threat Detection for Key Vault in Azure Security Center

From this article you may realize that you can enable the Key Vault pricing tier in Azure Security Center. However, you wouldn’t see it in the Azure Portal UI. Microsoft recently released Threat Detection for Azure Key Vault in Azure Security Center …

Posted in Azure Security Center

Query Azure Security Center Recommendation in different ways

If you work with Azure Security Center you probably know about Azure Security Center Recommendations, which periodically analyze the security state of Azure resources. In the past, Azure Security Center Recommendations were executed internally by a private Azure back-end service. Microsoft then …

Posted in Azure Security Center, Governance & Compliance

Azure Security Center ARM Template

I got a question from a reader asking if there is any ARM template for Azure Security Center and what the common use cases for such an ARM template are. In this article, let’s explore the ARM template for Azure Security …

Posted in Azure Security Center, Security Automation

Working with Azure Security Center Alert from Azure Sentinel

You wouldn’t want to jump back and forth between Azure Security Center and Azure Sentinel to manage and operate security. We all know what they are and which purpose each is used for. The ultimate goal would be to reduce effort …

Posted in Azure Security Center

Simulate alerts to be caught by ASC

I got a question from my friend about how to safely create alerts in order to test Azure Security Center. He wanted to test several automation capabilities such as Azure Sentinel, an ASC playbook with Logic Apps, or any form of …

Posted in Azure Security Center

Work with Azure Security Center alert in Log Analytics

Azure Security Center allows you to specify a Log Analytics (LA) workspace to collect data. As far as I know there are two data types that are fed to the configured workspace: SecurityAlert and SecurityEvent. Microsoft recently introduced Continuous Export …

Posted in Azure Security Center

A bit about ASC Alert in Log Analytics workspace

Microsoft introduced Continuous Export in Azure Security Center, allowing you to export security recommendations and alerts to a Log Analytics workspace. You might wonder if the data structure of an exported alert is different from the data collected by configuring ASC data collection. …

Posted in Azure Security Center

What is securitydata resource group in Microsoft Azure?

If you happen to see a strange securitydata resource group in your Azure subscription, you would be pretty surprised what the heck it is. You would be angry at someone in your cloud team if the Azure subscription is shared …

Posted in Azure Security Center