Tag Archives: azure security center

Alert Grouping feature in Azure Sentinel

Posted on 02/24/2020 by azsec

One of the things that SecOps guys needs when working with Azure Sentinel is the ability to group all alerts that have similar characteristics into a single incident in order to better manage and respond. Given an example about Traffic … Continue reading

Posted in Monitoring & Detection | Tagged , | Leave a comment

Demystify alert generated by Azure Sentinel versus other 3rd products

Posted on 01/12/2020 by azsec

There is a question in the community asking about alert field in Incident page, along with the question about what it meant. In this article, let’s talk about that and see how to distinguish between alert generated from Azure Sentinel … Continue reading

Posted in Security Operation | Tagged , , | 1 Comment

An analysis of Suspicious Authentication activity from Azure Security Center

Posted on 01/10/2020 by azsec

There are some readers after following this article to simulate alerts generated from Azure Security Center approaching me asking about one of the alerts they have seen named Suspicious authentication activity. They don’t know whether their testing virtual machines in … Continue reading

Posted in Monitoring & Detection | Tagged , , | 2 Comments

Security Monitoring and Detection Tips for your Storage Account – Part 3

Posted on 12/20/2019 by azsec

In previous article you learned about different ways to collect Azure Storage account logs. You also learned about a model of centralizing Storage account log. No matter how you want to build, your storage account log should be ready for  … Continue reading

Posted in Monitoring & Detection | Tagged , | 3 Comments

Audit Azure Security Center in your tenant

Posted on 12/15/2019 by azsec

Part of Azure Security Center deployment plan in your organization you need to extract Azure Security Center in your tenant so you can determine whether you want to enable Standard tier for some resource types, as well as plan for … Continue reading

Posted in Security Automation | Tagged , | Leave a comment

Connect Azure Security Center to Azure Sentinel programatically

Posted on 12/14/2019 by azsec

Previously you knew how to integrate Azure Security Center to Azure Sentinel to make sure alerts are tracked as incidents in Azure Sentinel. Now you have decided to connect many Azure Security Center to your Azure Sentinel. This article is … Continue reading

Posted in Security Automation | Tagged , | 3 Comments

Working with Azure Security Center Alert from Azure Sentinel

Posted on 12/10/2019 by azsec

You wouldn’t want to jump over from Azure Security Center and Azure Sentinel to manage and operate security. We all know what they are and how they are used for which purpose. The ultimate goal would be to reduce effort … Continue reading

Posted in Azure Security Center | Tagged , | 7 Comments

Be aware of Just-In-Time Azure VM

Posted on 12/02/2019 by azsec

I got a question from a friend asking why his virtual machine had Network Security Group to restrict his IP on management port like 22 and 3389 his virtual machine still got attacked with brute-force attack technique. In this article, … Continue reading

Posted in Security Automation | Tagged , | Leave a comment

Simulate alerts to be caught by ASC

Posted on 12/02/2019 by azsec

I got a question from my friend about how to safely create alerts in order to test Azure Security Center. He wanted to test several automation capabilities such as Azure Sentinel, ASC playbook with Logic App or any form of … Continue reading

Posted in Azure Security Center | Tagged , | 7 Comments

Work with Azure Security Center alert in Log Analytics

Posted on 11/29/2019 by azsec

Azure Security Center allows you to specify a Log Analytics (LA) workspace to collect data. As far as I know there are two data types that are fed to the configured workspace: SecurityAlert and SecurityEvent. Microsoft recently introduced a Continuous Export … Continue reading

Posted in Azure Security Center | Tagged , , | 4 Comments