Archives
- January 2021 (1)
- August 2020 (1)
- July 2020 (3)
- June 2020 (1)
- March 2020 (5)
- February 2020 (3)
- January 2020 (18)
- December 2019 (22)
- November 2019 (3)
- October 2019 (1)
- July 2019 (1)
- April 2019 (2)
- January 2019 (2)
- October 2018 (2)
- September 2018 (1)
- August 2018 (4)
- July 2018 (4)
- February 2018 (6)
- January 2018 (3)
- November 2017 (1)
- August 2017 (3)
- May 2017 (4)
- April 2017 (4)
- December 2016 (1)
Categories
- Application Security (1)
- Azure Security Center (10)
- Governance & Compliance (10)
- Host Protection (3)
- Identity & Access Control (7)
- Monitoring & Detection (16)
- Network Security (2)
- Secure Development (8)
- Security Automation (32)
- Security Operation (14)
- Service Overview (1)
Category Archives: Security Operation
Multi-homing Logging with new Azure Monitor Agent
Sending logs from an Azure virtual machine or virtual machine scale set to different Azure Log Analytics workspaces (also known as multi-homing) is a common requirement in a large cloud environment. In the past, Azure only supported configuring multi-homing on Windows virtual machines. …
Posted in Monitoring & Detection, Security Operation
Tagged azure monitor agent, azure multi-homing
Everything you need to know about allowBlobPublicAccess on Storage Account
Data breaches caused by cloud misconfiguration have been seen for the past few years. One of the most common misconfigurations is granting public access to a cloud storage service. Such data is often unprotected, allowing it to be accessed without …
Guidance for CVE-2020-0796 SMBv3 Compression vulnerability patching on Azure VM
There are discussions around a new CVE, CVE-2020-0796, in which Microsoft indicated a remote code execution vulnerability found in the SMBv3.1.1 compression feature. People working on Azure environments have been asking me what to do. The purpose of this …
Filter Azure Security Center alert name in Azure Sentinel incident rule
In the past we learnt how to connect Azure Security Center to Azure Sentinel so that every alert generated by Azure Security Center can become an incident in Azure Sentinel. Not all alerts are true positives, and sometimes you wouldn’t …
Get started with Azure Sentinel Notebooks
Hunting in Azure by writing Kusto Query Language queries against a Log Analytics workspace may not be enough for you. Given an example like this article, you would want to extract all attacker IP addresses and use VirusTotal to verify …
Demystify alert generated by Azure Sentinel versus other 3rd-party products
There is a question in the community about the alert field on the Incident page and what it means. In this article, let’s talk about that and see how to distinguish between alerts generated by Azure Sentinel …
Posted in Security Operation
Tagged azure security center, azure sentinel alert, azure sentinel incident
VM Security Log to Event Hub for SIEM integration
Streaming VM security logs to an Event Hub and adding that Event Hub to an Event Hub listener in the SIEM is a common step in building a SOC. Microsoft has separate articles for Windows and Linux giving information on the diagnostics agent …
Thoughts on Azure Sentinel
I got a bunch of questions regarding the purpose or strategy of using Azure Sentinel when we have Azure Security Center (ASC), given the fact that technically everything Azure Sentinel has can be built within ASC. However, the purpose of …
Query private IP Address using Azure CLI
You’d probably guess that querying an IP address using Azure CLI could not be easier with az vm list-ip-addresses. It should work if the environment is small and you don’t have virtual machines using the same name. In a large environment, especially …
Quick note on RunCommand feature on Azure VM
As a SecOps guy you are asked to perform an audit on your virtual machines in Azure. The audit would be checking security patches (where Update Management hasn’t been enabled), or simply a vulnerability verification like Spectre and Meltdown. Run …