Archives
- March 2020 (5)
- February 2020 (3)
- January 2020 (18)
- December 2019 (22)
- November 2019 (3)
- October 2019 (1)
- July 2019 (1)
- April 2019 (2)
- January 2019 (2)
- October 2018 (2)
- September 2018 (1)
- August 2018 (4)
- July 2018 (4)
- February 2018 (6)
- January 2018 (3)
- November 2017 (1)
- August 2017 (3)
- May 2017 (4)
- April 2017 (4)
- December 2016 (1)
Categories
- Application Security (1)
- Azure Security Center (9)
- Governance & Compliance (10)
- Host Protection (3)
- Identity & Access Control (7)
- Monitoring & Detection (15)
- Network Security (2)
- Secure Development (8)
- Security Automation (29)
- Security Operation (12)
- Service Overview (1)
Archives
- March 2020 (5)
- February 2020 (3)
- January 2020 (18)
- December 2019 (22)
- November 2019 (3)
- October 2019 (1)
- July 2019 (1)
- April 2019 (2)
- January 2019 (2)
- October 2018 (2)
- September 2018 (1)
- August 2018 (4)
- July 2018 (4)
- February 2018 (6)
- January 2018 (3)
- November 2017 (1)
- August 2017 (3)
- May 2017 (4)
- April 2017 (4)
- December 2016 (1)
Categories
- Application Security (1)
- Azure Security Center (9)
- Governance & Compliance (10)
- Host Protection (3)
- Identity & Access Control (7)
- Monitoring & Detection (15)
- Network Security (2)
- Secure Development (8)
- Security Automation (29)
- Security Operation (12)
- Service Overview (1)
Category Archives: Monitoring & Detection
Alert Grouping feature in Azure Sentinel
One of the things that SecOps guys needs when working with Azure Sentinel is the ability to group all alerts that have similar characteristics into a single incident in order to better manage and respond. Given an example about Traffic … Continue reading
Export virtual machines with ASC monitoring agent issue
There is a recommendation named “Monitoring agent health issues should be resolved on your machine” in Azure Security Center that provides you list of unhealthy resources (virtual machine resource type). There are several reasons that can cause unhealthy monitoring state … Continue reading
What Blue Team needs to know about Run Script feature in Azure
Run Script is great feature that help cloud system admin perform command or script execution on target virtual machine without RDP or setting up a PsRemote that may not be allowed in your organization. Nontheless Run Script also allows bad … Continue reading
An analysis of Suspicious Authentication activity from Azure Security Center
There are some readers after following this article to simulate alerts generated from Azure Security Center approaching me asking about one of the alerts they have seen named Suspicious authentication activity. They don’t know whether their testing virtual machines in … Continue reading
Posted in Monitoring & Detection
Tagged azure security analysis, azure security center, azure sentinel
2 Comments
Security Monitoring and Detection Tips for your Storage Account – Part 4
In part 3, you were introduced some storage account related alerts that are generated by Azure Security Center -Advanced Threat Protection. You also got to know a few ways to manually generate those alerts so you could look into how … Continue reading
Posted in Monitoring & Detection
Tagged azure storage attack, azure storage security
Leave a comment
Security Monitoring and Detection Tips for your Storage Account – Part 3
In previous article you learned about different ways to collect Azure Storage account logs. You also learned about a model of centralizing Storage account log. No matter how you want to build, your storage account log should be ready for … Continue reading
Security Monitoring and Detection Tips for your Storage Account – Part 2
The previous part of the series introduced you three different types of log that Azure Storage account provide. Each of them can be used for different purpose but can be correlated together for a single view. Understanding every piece of … Continue reading
Posted in Monitoring & Detection
Tagged azure storage best practice, azure storage security
4 Comments
Security Monitoring and Detection Tips for your Storage Account – Part 1
Capital One breach was one of the biggest data breaches in 2019 which affected over 100 million people. There was a compromised access key that was used to access to an S3 storage bucket (equivalent to Azure Storage Account) to … Continue reading
Azure RM Tool VS Code may trigger ASC alert
If you work with Azure ARM template on VS Code you have probably know about this tool called Azure Resource Manager (ARM) tool . For those who use Linux to work with VS Code, the tool may shift all its … Continue reading
Quick thought on CVE-2019-0962
Microsoft recently published a security vulnerability coded CVE-2019-0962 indicating possible elevation of privilege when deploying an Azure Automation account. From what the CVE says, an elevation of privilege vulnerability exists in Azure Automation “RunAs account” runbooks for users with contributor role. This … Continue reading