The previous blog post part 4, I have shown how to create Analytics rules that alert for SQL Injection attacks. I will show the incidents that are generated from this rule to do further investigation. Your organization may have a cyber security team that will monitor, analyze and investigate incidents to evaluate threats. Incidents investigation …
Tag: AzureSentinel
Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 4 Analytics
Continuing from post Part 3. Create a Analytics Rule which will generate an incident for investigation for web attacks. I would call this more of an active monitoring approach vs the Azure Sentinel workbooks. An analytics rule seems to me the same process of creating a log analytics alert rule. Once Azure Sentinel is connected …
Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 3 Monitoring
Continuing from blog post Part 2. Azure Sentinel Workbooks provides custom dashboard to see the data in the form of visualizations and tables. These data presentations are based on queries to the log analytics workspace. You can create a workbook from scratch or leverage built-in workbooks by starting from templates. For the Web Application Firewall …
Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 2 Setup
Continuing from the previous post Part 1, Let's setup Azure Sentinel with a Log Analytics Workspace. To setup Azure Sentinel, you need to add a log analytics workspace. In my case, I have an existing log analytics workspace, called rkimOMS, that is already configured to collect diagnostic data from an existing application gateway. Data Connectors …
Roy Kim on Azure and AI 