Category Archives: Monitoring & Detection

An analysis of Suspicious Authentication activity from Azure Security Center

Some readers, after following this article to simulate alerts generated from Azure Security Center, approached me asking about one of the alerts they have seen, named Suspicious authentication activity. They don’t know whether their testing virtual machines in …

Security Monitoring and Detection Tips for your Storage Account – Part 4

In part 3, you were introduced to some storage account related alerts that are generated by Azure Security Center - Advanced Threat Protection. You also got to know a few ways to manually generate those alerts so you could look into how …

Security Monitoring and Detection Tips for your Storage Account – Part 3

In the previous article you learned about different ways to collect Azure Storage account logs. You also learned about a model for centralizing Storage account logs. No matter how you want to build, your storage account log should be ready for …

Security Monitoring and Detection Tips for your Storage Account – Part 2

The previous part of the series introduced you to three different types of logs that Azure Storage accounts provide. Each of them can be used for a different purpose, but they can be correlated together for a single view. Understanding every piece of …

Security Monitoring and Detection Tips for your Storage Account – Part 1

The Capital One breach was one of the biggest data breaches in 2019, affecting over 100 million people. A compromised access key was used to access an S3 storage bucket (equivalent to Azure Storage Account) to …

Azure RM Tool VS Code may trigger ASC alert

If you work with Azure ARM templates in VS Code, you probably know about the tool called Azure Resource Manager (ARM) tool. For those who use Linux to work with VS Code, the tool may shift all its …

Quick thought on CVE-2019-0962

Microsoft recently published a security vulnerability, identified as CVE-2019-0962, indicating possible elevation of privilege when deploying an Azure Automation account. From what the CVE says, an elevation of privilege vulnerability exists in Azure Automation “RunAs account” runbooks for users with the contributor role. This …

Trigger an alert when setting storage encryption with Key Vault

There was a great question today in a private community channel asking about monitoring and alerting when a storage account's encryption is configured to use a key in Key Vault instead of a Microsoft-managed key. This question just drove me …

Azure Firewall Monitoring 101

My last article gave you an overview of Azure Firewall – a managed firewall service Microsoft recently announced in public preview – along with guidance on how to set it up. There has been some positive feedback along with …
