Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 6 Hunting

The previous previous blog post is part 5 in this series. Azure Sentinel provides features for Hunting as a proactive step of looking for security threats for security analysts through the mountains of data collected. According to this article Threat Hunting Vs. SIEM by Infosec, hunting is defined as “Threat hunting is the act of …

Continue reading Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 6 Hunting

Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 5 Incidents

The previous blog post part 4, I have shown how to create Analytics rules that alert for SQL Injection attacks. I will show the incidents that are generated from this rule to do further investigation. Your organization may have a cyber security team that will monitor, analyze and investigate incidents to evaluate threats. Incidents investigation …

Continue reading Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 5 Incidents

Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 4 Analytics

Continuing from post Part 3. Create a Analytics Rule which will generate an incident for investigation for web attacks. I would call this more of an active monitoring approach vs the Azure Sentinel workbooks. An analytics rule seems to me the same process of creating a log analytics alert rule. Once Azure Sentinel is connected …

Continue reading Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 4 Analytics

Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 3 Monitoring

Continuing from blog post Part 2. Azure Sentinel Workbooks provides custom dashboard to see the data in the form of visualizations and tables. These data presentations are based on queries to the log analytics workspace. You can create a workbook from scratch or leverage built-in workbooks by starting from templates. For the Web Application Firewall …

Continue reading Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 3 Monitoring

Error & Fix Linked ARM Template: The language expression property ‘templateLink’ doesn’t exist

For the novice, learning to deploy Azure resources through ARM template deployments, I like share and explain an error and resolution specifically when it comes to using linked arm templates The Situation I have am deploying an Azure App Service function app in an ARM template that also calls out to deploy another azure resource …

Continue reading Error & Fix Linked ARM Template: The language expression property ‘templateLink’ doesn’t exist

ARM Template Error & Fix: Invalid Template … The resource referenced in output is not defined in the template

This articles assume you have a good working knowledge of ARM linked templates. Background: I am deploying a SQL Server resource arm template through a linked template. I want to get the values of the output of this linked template to pass into as values into properties of the azure website resource in the main …

Continue reading ARM Template Error & Fix: Invalid Template … The resource referenced in output is not defined in the template

Issue Resolution: App Gateway returning ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY in Chrome

Background: I have an Azure App Gateway with the Web Application Firewall that is fronting an Azure App Service for http traffic. Issue: Visiting the public URL of my web app in IE works fine, but in Chrome, I get an error ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY What is the general cause? According to this article, "By default, IIS …

Continue reading Issue Resolution: App Gateway returning ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY in Chrome