In this post I'm sharing a tip about how you can remove the Azure Sentinel service, but keep your ingested data in Log Analytics so you can actually keep working with the data for reports and auditing reasons.…
When working with Azure DevOps, there's a lot of options and configurations to tailor the service exactly to the needs of your organization. Part of the responsibilities that lie on the ones that managed these pipelines is to ensure that you don't spill the beans - or in other words, leak any sensitive data. With Azure DevOps, you can get sensitive data like Connection Strings, Secrets, API Keys and whatever else you may classify as sensitive, directly from an Azure Key Vault. In this post we'll explore how to configure Azure DevOps to fetch Secrets directly from Azure Key Vault…
A powerful capability of the Azure Sentinel service is that you can ingest data from a wide variety of sources. Using Connectors, you can even ingest data from other places than Azure, and you can get a more complete picture of your security posture across services in your technological landscape. In a previous post I talked about how to ingest Office 365 logs into your Azure Sentinel dashboards. In this post, I'm talking about how we can build our own Azure Log Analytics Data Collector API application to send custom logs to your Log Analytics workspace - and since I'm…
Azure Sentinel is a product from Microsoft, offering a cloud-native SIEM service. Sentinel uses clever AI (Artificial Intelligence) to make your threat detection and responses faster and smarter. A key feature with Azure Sentinel is that you can connect to other data sources. Microsoft has built-in support for ingesting data from a plethora of their own data sources, including: Azure ADOffice 365Cloud App SecurityAzure Activity LogAzure AD Identity ProtectionAzure Information Protection (AIP)Azure Advanced Threat Protection (ATP)Azure Security CenterDNSMicrosoft Web Application Firewal (WAF)Windows FirewallWindows Security Eventsand more...In this post I'll talk about how you can enable Azure…
Recently, Ben Coleman at Microsoft announced the ARM Template Viewer extension for Visual Studio Code, which can easily visualize your Azure Resource Manager templates directly from within VS Code. Three years ago, I wrote about Azure Resource Manager Template Visualization with ARMVIZ, which appears to now exist as a Visual Studio Code extension, too. I see it fit to post this tip about visualizing your templates, in case you're also doing a lot of template designing in your line of business. The joy, right? Visualizing your Azure Resource Manager templatesInstall the extension in VS Code. You can search for it,…
In this post we'll discuss: What is Key Vault, in case you landed here and you don't know.Configure diagnostics logging for your vaultQuerying the logs from your Azure Key VaultConnecting Azure Monitor and Rules to set up AlertsGet e-mails about any activity you need to reviewWhat is Azure Key Vault?Storing sensitive data in the cloud, as anywhere, is vital to the success of your online business and survival. Azure Key Vault provides a way to store keys, secrets and certificates securely and under lock and key in your Azure subscription. Examples of things you can put in your…
Sometimes the Scheduled trigger for Azure Functions does not fire, and we'll need to ensure we can monitor our systems accordingly to keep track of, and troubleshoot when this happens. In this post I'll walk through the required steps for two various monitoring options using Application Insights.…
Solved: How to run Unit Tests with Azure Storage Emulator on a Hosted Build Agent in Azure DevOps.…