ARM Templates Fundamentals: My Development Workflow

Objective: To show my own experience and development workflow for building out infrastructure-as-code with Azure Resource Manager (ARM) Templates. My hope is that for novices this provides some insight and a starting point for developing your own workflow. My infrastructure-as-code workflow: 1. Set up a development Azure subscription and resource group for your ARM deployment. …

Planning Essentials for an Azure Kubernetes Cluster – Part 2

Continuing from blog post Part 1, the objective is to go through some essentials for planning out a simple Azure Kubernetes Cluster to host your containerized or microservices application in a development/test or proof of concept (POC) environment, and to lay the foundation for building towards a production-grade environment. Identity Access Security …

Planning Essentials for an Azure Kubernetes Cluster – Part 1

Background: Getting started with and learning Azure Kubernetes Service (AKS) is known to be a steep learning curve. In addition, planning an AKS setup involves a ton of design and architecture considerations. Objective: Go through some essentials for planning a simple Azure Kubernetes Cluster to host your containerized or micro-services application in a development/test …

ARM Templates Fundamentals: My Development Tools

Azure ARM Templates provide the ability to deploy Azure resource infrastructure in a repeatable, declarative state. It is infrastructure-as-code. For those getting started and wondering what they need to build their tool belt, I will share what my tool belt and development process look like. My software and tools: My operating system is …

Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 6 Hunting

The previous blog post is Part 5 in this series. Azure Sentinel provides Hunting features that let security analysts proactively look for security threats in the mountains of data collected. According to the article Threat Hunting Vs. SIEM by Infosec, hunting is defined as “Threat hunting is the act of …

Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 5 Incidents

In the previous blog post, Part 4, I showed how to create Analytics rules that alert on SQL Injection attacks. I will show the incidents that are generated from this rule for further investigation. Your organization may have a cyber security team that will monitor, analyze and investigate incidents to evaluate threats. Incidents investigation …

Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 4 Analytics

Continuing from post Part 3. Create an Analytics Rule which will generate an incident for investigation of web attacks. I would call this more of an active monitoring approach vs. the Azure Sentinel workbooks. Creating an analytics rule seems to me the same process as creating a Log Analytics alert rule. Once Azure Sentinel is connected …

Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 3 Monitoring

Continuing from blog post Part 2. Azure Sentinel Workbooks provide custom dashboards to see the data in the form of visualizations and tables. These data presentations are based on queries to the Log Analytics workspace. You can create a workbook from scratch or leverage built-in workbooks by starting from templates. For the Web Application Firewall …

Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 2 Setup

Continuing from the previous post, Part 1, let's set up Azure Sentinel with a Log Analytics Workspace. To set up Azure Sentinel, you need to add a Log Analytics workspace. In my case, I have an existing Log Analytics workspace, called rkimOMS, that is already configured to collect diagnostic data from an existing application gateway. Data Connectors …

Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 1 Intro

Requirement: Use Azure Sentinel to monitor and investigate incidents of cyber-attacks on a web application that is protected by a layer of defense from the Azure Application Gateway’s Web Application Firewall. Solution Design: The Azure Application Gateway is a layer 7 web traffic load balancer with many features to manage your traffic. This includes the WAF …
