Microsoft has just introduced a new type of analytics rule called near-real-time (NRT). NRT rules give you up-to-the-minute detection: you no longer have to live with the latency of scheduled rules, in particular the five-minute minimum interval between runs.
This article provides a sample ARM template to deploy a near-real-time (NRT) analytics rule.
I got a question from a friend today asking whether he could customize the alert name based on the detected resource. He was in charge of building a rule set for monitoring Azure Key Vault resources and wanted to see something like “SecretGet request on xyz-keyvault resource at 2021-11-01T20:59:50.1370000Z”.
In this article, we will see how to build the alert name dynamically from the detection rule’s output.
Several people have asked me whether they can develop and deploy Azure Sentinel analytics rules as Azure ARM templates.
This article simply provides a sample template so you can quickly deploy a rule in Azure Sentinel for testing. You can also use the same template in your CI/CD pipeline if needed.
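The three articles above describe the same building block from different angles: an analytics rule expressed as an ARM template, deployed as an NRT rule, with an alert name built from the query’s output columns. The template below is an added example that ties them together; it is not the template from any of the articles. It assumes a Key Vault with diagnostic logging sent to the `AzureDiagnostics` table, a parameter named `workspace` for the Log Analytics workspace that Sentinel runs on, and the `2021-10-01-preview` API version of `Microsoft.SecurityInsights`; the rule name, display name and the column alias `Caller` are choices made for this example.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspace": {
      "type": "string",
      "metadata": {
        "description": "Log Analytics workspace that Azure Sentinel is enabled on (assumed parameter name)"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
      "apiVersion": "2021-10-01-preview",
      "name": "[concat(parameters('workspace'), '/Microsoft.SecurityInsights/', guid(parameters('workspace'), 'keyvault-secretget-nrt'))]",
      "kind": "NRT",
      "properties": {
        "displayName": "Key Vault SecretGet (NRT)",
        "description": "Raises an alert within about a minute of a SecretGet operation appearing in Key Vault diagnostic logs. Example rule, not a built-in template.",
        "enabled": true,
        "severity": "Medium",
        "tactics": [ "CredentialAccess" ],
        "suppressionEnabled": false,
        "suppressionDuration": "PT5H",
        "query": "AzureDiagnostics\n| where ResourceProvider == \"MICROSOFT.KEYVAULT\" and OperationName == \"SecretGet\"\n| project TimeGenerated, Resource, OperationName, CallerIPAddress, Caller = identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s",
        "entityMappings": [
          {
            "entityType": "IP",
            "fieldMappings": [ { "identifier": "Address", "columnName": "CallerIPAddress" } ]
          },
          {
            "entityType": "Account",
            "fieldMappings": [ { "identifier": "FullName", "columnName": "Caller" } ]
          }
        ],
        "alertDetailsOverride": {
          "alertDisplayNameFormat": "{{OperationName}} request on {{Resource}} resource at {{TimeGenerated}}",
          "alertDescriptionFormat": "Secret read from Key Vault {{Resource}} by {{Caller}} from {{CallerIPAddress}}"
        }
      }
    }
  ]
}
```

Deploy it with `az deployment group create --resource-group <rg> --template-file nrt-rule.json --parameters workspace=<workspace>`. The dynamic alert name comes from `alertDetailsOverride`: each `{{Column}}` placeholder must be a column the query projects, and `alertDisplayNameFormat` accepts at most three of them, which is why the example projects a short, named column list rather than `*`. Two NRT-specific caveats: the `NRT` kind has no `queryFrequency`, `queryPeriod`, `triggerOperator` or `triggerThreshold` (those belong to `kind: "Scheduled"`, and the deployment fails if you add them), and an NRT query can reference only a single table with no `join` or `union`, so keep lookups against watchlists or other tables for scheduled rules.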
The previous article walked you through the basic steps to upload a Docker container’s vulnerability assessment result to a storage account for further review. Now suppose you are asked to send an email notification to your team every time an assessment result is ready.
There are several ways to send email notifications from Azure. In this article, we explore Azure Logic Apps with some common built-in triggers and actions to send emails to the SecOps or DevOps team.
Previously I wrote an article walking through CI/CD integration with Azure Security Center. I got a question about uploading the vulnerability assessment result to an Azure Storage Account.
In this article, let’s see how to do that with the Azure CLI GitHub Action.
If you work in cyber-security where DevOps is involved, you have probably heard about shift-left security. Shift-left security simply means moving security assessment or verification earlier in the development process, so that you are not scrambling to remediate security findings right before the product or application is released to production.
Specific to Azure, the new CI/CD integration in Azure Security Center for scanning container images has come to my attention. In this article, let’s explore this feature and how to run a PoC to demonstrate it to your team or customer, with step-by-step guidance on getting the PoC done.
Recently I was asked to help a colleague with the policy named “Azure SQL Server auditing should be enabled”. He had deployed an ARM template to enable auditing, but the setting did not show up in the Azure Portal.
In this article, let’s look into the problem my colleague ran into. We will also modify the built-in policy to make it more useful.
Backups are your last hope for recovering your infrastructure after a cyber attack. Malware doesn’t only steal and exfiltrate data; it also scans for and deletes your backups. The soft delete feature is designed to address exactly this data-destruction concern.
In this article, let’s look into some aspects of the soft delete feature in Azure Backup.
There are two different policies in Azure Security Center/Azure Policy that evaluate virtual network resources against a DDoS protection plan. Your virtual networks may show up as non-compliant under one of them. In this article, let’s demystify the two policies and either remediate or justify the findings in case a compliance auditor asks.
Watchlists in Azure Sentinel allow you to bring your own data in from external sources and correlate it with analytics rules or hunting queries in your Azure Sentinel environment.
In this article, we explore the Azure Sentinel Watchlist REST API and then use it to create an Azure role assignment watchlist.
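As an added illustration of the REST call the article above refers to (this is not the article’s own payload), the request body below creates a watchlist of approved Azure role assignments from inline CSV content. It is sent as a `PUT` to `https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.OperationalInsights/workspaces/{workspace}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}?api-version=2021-10-01` with a bearer token for Azure Resource Manager. The alias `RoleAssignments`, the CSV columns, and the principal IDs, subscription ID and names in the content are all constructed for this example.

```json
{
  "properties": {
    "displayName": "Azure Role Assignments",
    "description": "Approved role assignments exported from Azure RBAC. Example content, constructed for illustration.",
    "provider": "Custom",
    "source": "Local file",
    "itemsSearchKey": "PrincipalId",
    "contentType": "text/csv",
    "numberOfLinesToSkip": 0,
    "rawContent": "PrincipalId,PrincipalName,RoleDefinitionName,Scope\n11111111-1111-1111-1111-111111111111,secops-admin@contoso.example,Owner,/subscriptions/00000000-0000-0000-0000-000000000000\n22222222-2222-2222-2222-222222222222,ci-deploy-sp,Contributor,/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-prod\n"
  }
}
```

`itemsSearchKey` must name a column that exists in the CSV header; the API rejects the request otherwise, and it is the column Sentinel indexes for lookups. Once created, the watchlist is queried in KQL with `_GetWatchlist('RoleAssignments')`, so a scheduled rule can take `AzureActivity` events whose `OperationNameValue` is `Microsoft.Authorization/roleAssignments/write` and join them against the watchlist to flag any role assignment that is not on the approved list. Note that `rawContent` is the full CSV inline, so for large exports it is cleaner to upload via the portal or a storage-backed source than to push megabytes through the request body.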