Cloud Security and Architecture: Microsoft Holistic Security, Azure Security, Microsoft Sentinel, Defender for Cloud
update-ama.ps1 is a PowerShell script you can use to update the Azure Monitor Agent on Azure Virtual Machines and Azure Arc Machines. The script will handle both Linux and Windows servers with the below features. I have also written a universal extension upgrade script that can be used to upgrade any extension: update-extension.ps1 Usage – Azure … Read more
Overview If you have versions numbers that contain major and minor decimal places such as 1.2, 1.3, 1.3.1, 1.5 you may have noticed ordering by these fields doesn’t really work well. As we can see from the example below order by doesn’t properly order the version number column. 1.21.1 is a higher version number than … Read more
Overview Defender for Cloud has several integrations with Microsoft’s security ecosystem. These integrations allow data sharing between Defender for Cloud Apps, Defender for Endpoint, and Microsoft Sentinel. Most of these integrations are enabled by default on subscriptions, however in some circumstances some of these settings may not be enabled. The most common setting not enabled … Read more
As a best practice its generally advised to always have a network security group associated with a subnet which will ensure all resources in the subnet have the capability to be protected with layer 4 access control rules. Specific to virtual machines if you plan on using Defender for Servers Just-in-time virtual machine access a … Read more
Currently today you can ingest Windows Security Events to Microsoft Sentinel using the Windows Security Events via AMA data connector. This data connector will send events directly to the SecurityEvent table. When it comes to Windows event log collection its fairly important that events generally land in the SecurityEvent table. Most of the out of … Read more
Report on Defender for Endpoint’s health across Defender 365 and Defender for Cloud
Back in February of 2022 several new features for Azure Monitor were released to support long term data retention, data search, data recovery and data ingestion. More specifically these features are built into Azure Log Analytics which is the data lake for Microsoft Sentinel. While we are still waiting for many of these features to … Read more
A while back I developed a PowerShell script that provides the ability to import multiple Scheduled Analytics from the Sentinel template library. Check out the original article here: Mass Creating Scheduled Analytics Rules From Templates Grab the script here: sentinel-tools/analytics_rules at main · seanstark/sentinel-tools (github.com) Since then I have recently added a few new features … Read more
Get Public IP Addresses associated with Azure Storage Accounts
If you are planning on exporting raw events from Defender 365 to your SIEM you can easily estimate the table sizes and number of entries in Defender 365 Advanced Hunting. Estimate All Table Sizes Estimated Sentinel Price Update the price variable based on your region from the Azure pricing calculator. Price = Sentinel + Log … Read more