security automation blog

infernux.no
  • Archive
  • Presentations
  • About me

IP Allowlisting in Microsoft Sentinel Playbooks

Quick introduction to IP allowlisting in Microsoft Sentinel and some thoughts around how to (not) implement it.

Posted on October 26, 2022

Allowlisting introduction [Read More]
Tags: Cloud Security, Microsoft Sentinel, Playbooks

Enable Defender for DevOps in Azure DevOps pipelines

Quick introduction to Defender for DevOps and how to enable it in an Azure DevOps pipeline.

Posted on October 13, 2022

Introduction [Read More]
Tags: Cloud Security, Defender for Cloud, Defender for DevOps, Azure DevOps

Creating smart Data Collection Rules by parsing EventIDs from Analytic Rules

Data Collection Rules allows us to create custom filters based on XPath-queries. If we do this based on active Analytic Rules, we can create DCRs that only ingest the data we actually have detection for.

Posted on October 4, 2022

Introduction [Read More]
Tags: Microsoft Sentinel, Active Directory, Azure Monitor Agent, Azure Arc, Data Collection Rules, Windows Security Events

Azure Lighthouse 101

What is Azure Lighthouse, what does it do and how does it do it?

Posted on September 21, 2022

Introduction [Read More]
Tags: Azure, Azure Lighthouse, ARM Template, Managed Services

Templating Microsoft Sentinel Analytic Rules using Powershell and CI/CD pipelines

Using the Microsoft Sentinel API and Powershell we can download all the components we want and template them for deployment - this allows you to create Analytic Rules in the Azure Portal and deploy them to multiple customers using CI/CD pipelines.

Posted on September 15, 2022

Templating [Read More]
Tags: Microsoft Sentinel, Azure DevOps, Analytic Rules, Powershell, Microsoft Sentinel API, ARM-templates
  • ← Newer Posts
  • Older Posts →
  • Email me
  • RSS

infernuxmonster  •  2024  •  Infernux.no

Theme by beautiful-jekyll