security automation blog

infernux.no

Enable Defender for DevOps in Azure DevOps pipelines

Quick introduction to Defender for DevOps and how to enable it in an Azure DevOps pipeline.

Posted on October 13, 2022

Tags: Cloud Security, Defender for Cloud, Defender for DevOps, Azure DevOps

Creating smart Data Collection Rules by parsing EventIDs from Analytic Rules

Data Collection Rules allow us to create custom filters based on XPath queries. If we build these filters from active Analytic Rules, we can create DCRs that only ingest the data we actually have detections for.

Posted on October 4, 2022

Tags: Microsoft Sentinel, Active Directory, Azure Monitor Agent, Azure Arc, Data Collection Rules, Windows Security Events

Azure Lighthouse 101

What is Azure Lighthouse, what does it do and how does it do it?

Posted on September 21, 2022

Tags: Azure, Azure Lighthouse, ARM Template, Managed Services

Templating Microsoft Sentinel Analytic Rules using PowerShell and CI/CD pipelines

Using the Microsoft Sentinel API and PowerShell, we can download all the components we want and template them for deployment. This allows you to create Analytic Rules in the Azure Portal and deploy them to multiple customers using CI/CD pipelines.

Posted on September 15, 2022

Tags: Microsoft Sentinel, Azure DevOps, Analytic Rules, Powershell, Microsoft Sentinel API, ARM-templates

Adding a Key Vault to your Microsoft Sentinel Data Connector ARM-template

A subset of Data Connectors for Sentinel come in the form of Azure Functions deployed using an ARM-template. Most if not all of these functions avoid actually implementing a Key Vault to secure your variables, so here are the snippets to implement it yourself.

Posted on September 12, 2022

Tags: Microsoft Sentinel, ARM-templates, Azure Functions, Data connectors, Key vault

infernuxmonster  •  2025  •  Infernux.no
