Tag Archives: azure security center
Everything you need to know about Azure Security Center Alert Suppression
Different environments may have special configurations that trigger alerts, and those false positive alerts keep annoying the SecOps team. One of the features that SecOps engineers working with Azure Security Center wish to have is the ability to automatically …
Alert Grouping feature in Azure Sentinel
One of the things SecOps engineers need when working with Azure Sentinel is the ability to group all alerts that share similar characteristics into a single incident, in order to manage and respond to them better. Take an example about Traffic …
Posted in Monitoring & Detection
Tagged azure security center, azure sentinel alert grouping
Demystifying alerts generated by Azure Sentinel versus other third-party products
There is a question in the community asking about the alert field on the Incident page and what it means. In this article, let's talk about that and see how to distinguish between alerts generated by Azure Sentinel …
Posted in Security Operation
Tagged azure security center, azure sentinel alert, azure sentinel incident
An analysis of Suspicious Authentication activity from Azure Security Center
Some readers who followed this article to simulate alerts generated by Azure Security Center approached me asking about one of the alerts they had seen, named Suspicious authentication activity. They don't know whether their test virtual machines in …
Posted in Monitoring & Detection
Tagged azure security analysis, azure security center, azure sentinel
Security Monitoring and Detection Tips for your Storage Account – Part 3
In the previous article you learned about different ways to collect Azure Storage account logs. You also learned about a model for centralizing Storage account logs. No matter how you want to build it, your storage account logs should be ready for …
Audit Azure Security Center in your tenant
As part of the Azure Security Center deployment plan in your organization, you need to audit Azure Security Center in your tenant so you can determine whether you want to enable the Standard tier for some resource types, as well as plan for …
Connect Azure Security Center to Azure Sentinel programmatically
Previously you learned how to integrate Azure Security Center with Azure Sentinel to make sure alerts are tracked as incidents in Azure Sentinel. Now you have decided to connect many Azure Security Center instances to your Azure Sentinel. This article is …
Working with Azure Security Center Alert from Azure Sentinel
You wouldn't want to jump back and forth between Azure Security Center and Azure Sentinel to manage and operate security. We all know what they are and which purpose each one serves. The ultimate goal would be to reduce effort …
Be aware of Just-In-Time Azure VM
I got a question from a friend asking why, although his virtual machine had a Network Security Group restricting access on management ports like 22 and 3389 to his IP, the virtual machine still got attacked with brute-force techniques. In this article, …
Posted in Security Automation
Tagged azure just in time access, azure security center
Simulate alerts to be caught by ASC
I got a question from my friend about how to safely create alerts in order to test Azure Security Center. He wanted to test several automation capabilities such as Azure Sentinel, an ASC playbook with Logic Apps, or any form of …