Archives
- July 2021 (5)
- June 2021 (1)
- May 2021 (1)
- April 2021 (1)
- January 2021 (1)
- August 2020 (1)
- July 2020 (3)
- June 2020 (1)
- March 2020 (5)
- February 2020 (3)
- January 2020 (18)
- December 2019 (22)
- November 2019 (3)
- October 2019 (1)
- July 2019 (1)
- April 2019 (2)
- January 2019 (2)
- October 2018 (2)
- September 2018 (1)
- August 2018 (4)
- July 2018 (4)
- February 2018 (6)
- January 2018 (3)
- November 2017 (1)
- August 2017 (3)
- May 2017 (4)
- April 2017 (4)
- December 2016 (1)
Categories
- Application Security (1)
- Azure Security Center (10)
- Governance & Compliance (12)
- Host Protection (3)
- Identity & Access Control (8)
- Monitoring & Detection (17)
- Network Security (2)
- Secure Development (10)
- Security Automation (35)
- Security Operation (16)
- Service Overview (1)
Archives
- July 2021 (5)
- June 2021 (1)
- May 2021 (1)
- April 2021 (1)
- January 2021 (1)
- August 2020 (1)
- July 2020 (3)
- June 2020 (1)
- March 2020 (5)
- February 2020 (3)
- January 2020 (18)
- December 2019 (22)
- November 2019 (3)
- October 2019 (1)
- July 2019 (1)
- April 2019 (2)
- January 2019 (2)
- October 2018 (2)
- September 2018 (1)
- August 2018 (4)
- July 2018 (4)
- February 2018 (6)
- January 2018 (3)
- November 2017 (1)
- August 2017 (3)
- May 2017 (4)
- April 2017 (4)
- December 2016 (1)
Categories
- Application Security (1)
- Azure Security Center (10)
- Governance & Compliance (12)
- Host Protection (3)
- Identity & Access Control (8)
- Monitoring & Detection (17)
- Network Security (2)
- Secure Development (10)
- Security Automation (35)
- Security Operation (16)
- Service Overview (1)
Category Archives: Security Automation
Notes on Azure SQL Server Auditting should be enabled policy
Recently I was asked to help a colleague of mine on a policy named “Azure SQL Server auditing should be enabled“. He deployed an ARM template to enable auditing but the deployment didn’t reflect the setting in Azure Portal. In … Continue reading
Create an Azure Role Assignment Watchlist in Azure Sentinel
Watchlist in Azure Sentinel allows you to build your own data from external data sources for correlation with analytics or hunting rules in your Azure Sentinel environment. In this article, what we are going to do is explore Azure Sentinel … Continue reading
Posted in Security Automation, Security Operation
Tagged azure sentinel, azure sentinel watchlist api
3 Comments
Notes in Azure Storage Network Restriction
By default, when creating a new Azure storage account it accepts connections from clients on any network. To limit that, Azure allows you to add a trusted list of virtual network subnets or IP ranges. This article is not going … Continue reading
Get Alert Relation from an Incident using Azure Sentinel Incident Relation API
I have a few questions recently asking if we can get an associated alert for an incident. The idea is to know which alert that caused an incident so SecOps team could better investigate the issue. In this article, let’s … Continue reading
Posted in Security Automation
Tagged azure sentinel, azure sentinel api, azure sentinel incident
Leave a comment
Transform Azure Sentinel incident to Log Analytics Workspace with Logic App
As a SOC Analyst or Manager who are working on Azure Sentinel you would like to have a view of how productive your team is (response time, resolution..). As being familiar with Log Analytics query, you might wish to do … Continue reading
Posted in Security Automation
Tagged azure logic app, azure sentinel, azure sentinel incident
1 Comment
Be careful when you have escape char in Key Vault secret value
I recently had some works that required to use Azure Key Vault. Specifically a secret that stored a service principal’s password that contained some special characters (escape ones). This article just shows you my finding and how to fix it … Continue reading
Quick look at new Azure Sentinel Incident API
I got some questions from people who worked with Microsoft product team about the new incident API they were introduced. I took a glance at it and thought I would need to write something about it, especially wrote a new … Continue reading
Quick notes in deploying Guest Configuration Extension on Azure VM
Azure Policy Guest Configuration allows you to audit configuration inside host. It sounds very much similar to Azure Automation Account Desired State Configuration (DSC). In fact the concept is similar to DSC but Azure Policy uses a dedicated agent called … Continue reading
Enable Microsoft Defender ATP integration in Azure Security Center programmatically
If you have worked with Azure Security Center and Microsoft Defender ATP (Advanced Threat Protection) you may know a setting in Azure Security Center called Threat Detection where you can allow Microsoft Cloud App Security (MCAS) or Microsoft Defender ATP … Continue reading
Get all comments in an Azure Sentinel incident programmatically
For any kind of report you may want to get all comments in an Azure Sentinel in order to archive as an forensic or incident artifact in an incident case before it is closed. Even comments in Azure Sentinel is … Continue reading →