Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 4 Analytics

Continuing from Part 3, create an Analytics Rule which will generate an incident for investigating web attacks. I would call this more of an active monitoring approach vs. the Azure Sentinel workbooks. Creating an analytics rule seems to me the same process as creating a log analytics alert rule. Once Azure Sentinel is connected …


Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 3 Monitoring

Continuing from blog post Part 2. Azure Sentinel Workbooks provide custom dashboards to see the data in the form of visualizations and tables. These data presentations are based on queries to the log analytics workspace. You can create a workbook from scratch or leverage built-in workbooks by starting from templates. For the Web Application Firewall …


Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 2 Setup

Continuing from the previous post, Part 1, let's set up Azure Sentinel with a Log Analytics Workspace. To set up Azure Sentinel, you need to add a log analytics workspace. In my case, I have an existing log analytics workspace, called rkimOMS, that is already configured to collect diagnostic data from an existing application gateway. Data Connectors …


Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 1 Intro

Requirement: Use Azure Sentinel to monitor and investigate incidents of cyber-attacks on a web application, with a layer of protection provided by the Azure Application Gateway’s Web Application Firewall. Solution Design: The Azure Application Gateway is a layer 7 web traffic load balancer with many features to manage your traffic. This includes the WAF …


Error & Fix Linked ARM Template: The language expression property ‘templateLink’ doesn’t exist

For the novice learning to deploy Azure resources through ARM template deployments, I'd like to share and explain an error and its resolution, specifically when it comes to using linked ARM templates. The Situation: I am deploying an Azure App Service function app in an ARM template that also calls out to deploy another Azure resource …


ARM Template Error & Fix: Invalid Template … The resource referenced in output is not defined in the template

This article assumes you have a good working knowledge of ARM linked templates. Background: I am deploying a SQL Server resource ARM template through a linked template. I want to get the values of the output of this linked template to pass in as values for properties of the Azure website resource in the main …


How to get the Secret from an Output of an Azure Key Vault ARM Template Deployment to the Main ARM Template

The Scenario: I have a set of ARM templates that deploy an Azure App Service solution with Azure Key Vault and a secret value. The main template is calling out via the linked template resource reference to the Key Vault resource template. ... snippet ... }, "resources": [ { "apiVersion": "2018-05-01", "name": "linkedTemplate-keyvault", "type": "Microsoft.Resources/deployments", …


Issue Resolution: App Gateway returning ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY in Chrome

Background: I have an Azure App Gateway with the Web Application Firewall that is fronting an Azure App Service for HTTP traffic. Issue: Visiting the public URL of my web app in IE works fine, but in Chrome, I get the error ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY. What is the general cause? According to this article, "By default, IIS …


Linked ARM Templates for a Multi Resource Azure Solution

Deploying a set of Azure resources using Azure Resource Manager (ARM) templates in a single file can leave you with a large JSON file that can be difficult to manage and maintain. To employ modularity and reuse, you can break out Azure resources into their own ARM templates and have an ARM template link or …


Quick Summary of Azure Bastion (Preview)

Azure Bastion provides remote desktop or SSH access to Azure virtual machines that are private within the network. I work with bastions, or what I call jump servers, to manage Azure IaaS resources quite often, and so I am excited to hear about Azure Bastion as a PaaS offering. A Typical Scenario: In a secure public cloud environment …
