Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 6 Hunting

The previous blog post is part 5 in this series. Azure Sentinel provides Hunting features that let security analysts proactively look for security threats in the mountains of data collected. According to the Infosec article Threat Hunting Vs. SIEM, hunting is defined as “Threat hunting is the act of …

Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 4 Analytics

Continuing from post Part 3. Create an Analytics Rule which will generate an incident for investigation for web attacks. I would call this more of an active monitoring approach vs the Azure Sentinel workbooks. Creating an analytics rule seems to me the same process as creating a log analytics alert rule. Once Azure Sentinel is connected …

Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 3 Monitoring

Continuing from blog post Part 2. Azure Sentinel Workbooks provide custom dashboards that present the data as visualizations and tables. These data presentations are based on queries to the log analytics workspace. You can create a workbook from scratch or leverage built-in workbooks by starting from templates. For the Web Application Firewall …

Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 2 Setup

Continuing from the previous post Part 1, let's set up Azure Sentinel with a Log Analytics Workspace. To set up Azure Sentinel, you need to add a log analytics workspace. In my case, I have an existing log analytics workspace, called rkimOMS, that is already configured to collect diagnostic data from an existing application gateway. Data Connectors …

How to get the Secret from an Output of an Azure Key Vault ARM Template Deployment to the Main ARM Template

The Scenario: I have a set of ARM templates that deploy an Azure App Service solution with Azure Key Vault and a secret value. The main template calls out, via the linked template resource reference, to the Key Vault resource template. ... snippet ... }, "resources": [ { "apiVersion": "2018-05-01", "name": "linkedTemplate-keyvault", "type": "Microsoft.Resources/deployments", …

Issue Resolution: App Gateway returning ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY in Chrome

Background: I have an Azure App Gateway with the Web Application Firewall that is fronting an Azure App Service for HTTP traffic. Issue: Visiting the public URL of my web app in IE works fine, but in Chrome, I get the error ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY. What is the general cause? According to this article, "By default, IIS …

Renewing the Azure App Service SSL Certificate in an Application Gateway HTTP Listener

Scenario: The SSL certificate used in my Azure Application Gateway has expired and needs to be replaced. This SSL certificate was bought through the Azure Portal. Background: The certificate was provisioned through the App Service Certificate service in Azure. The certificate is stored in my Azure Key Vault. The App Gateway is used as an …

Penetration Testing Your Web App with Azure Application Gateway WAF Part 2: OWASP ZAP Tool

Continuing from my last post Penetration Testing Your Web App with Azure Application Gateway WAF Part 1: Intro, I will demonstrate a very simple penetration test. Thanks to Tanya Janca (@shehackspurple), an OWASP specialist, who suggested I try out the OWASP ZAP tool. “The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free …

Penetration Testing Your Web App with Azure Application Gateway WAF Part 1: Intro

When setting up an application with appliances that provide protection from cyber threats, it is always necessary to have penetration testing and monitoring throughout the solution's lifecycle management. I will demonstrate the following scenario: Protect your web app using Azure Application Gateway’s Web Application Firewall features. Enable and configure the WAF. The web app is …