In the previous blog post, Part 4, I showed how to create an Analytics rule that alerts on SQL injection attacks. In this post I will use the incidents that rule generates to do further investigation. Your organization may have a cyber security team that monitors, analyzes and investigates incidents to evaluate threats. Incident investigation …
Tag: SIEM
Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 4 Analytics
Continuing from Part 3, this post creates an Analytics rule that generates an incident for investigation when a web attack is detected. I would call this more of an active monitoring approach, compared with the Azure Sentinel workbooks used for interactive review. Creating an analytics rule follows essentially the same process as creating a Log Analytics alert rule: a scheduled query against the workspace plus a threshold that decides when the alert fires. Once Azure Sentinel is connected …
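As an added illustration of the kind of scheduled query such a rule runs (this is example code, not the query from the original post), the following KQL looks for OWASP CRS SQL injection rule hits in the Application Gateway WAF log and groups them per client IP. It assumes the gateway's ApplicationGatewayFirewallLog diagnostic category is sent to the workspace, where it lands in the AzureDiagnostics table; the 5-minute lookback and the threshold of 5 hits per client are illustrative choices, not values from the post.

```kql
// Added example (not from the original post). Assumes App Gateway WAF
// diagnostics land in AzureDiagnostics; window and threshold are illustrative.
AzureDiagnostics
| where TimeGenerated > ago(5m)
| where ResourceType == "APPLICATIONGATEWAYS"
    and Category == "ApplicationGatewayFirewallLog"
// OWASP CRS SQL injection rules are the 942xxx series. In Detection mode the
// WAF only logs "Matched" rows, so keep the action for the analyst to see.
| where ruleId_s startswith "942"
| summarize
    HitCount  = count(),
    RuleIds   = make_set(ruleId_s),
    Actions   = make_set(action_s),
    SampleUris = make_set(requestUri_s, 5),
    FirstSeen = min(TimeGenerated),
    LastSeen  = max(TimeGenerated)
    by clientIp_s, hostname_s, Resource
| where HitCount >= 5
| project-reorder clientIp_s, hostname_s, HitCount, RuleIds, Actions, SampleUris
```

When this query is used in a scheduled rule, map clientIp_s to the IP entity in the rule's entity mapping so the resulting incident carries the attacker address as an investigable entity; the threshold line is what keeps a single scanner probe from opening an incident on its own.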
Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 2 Setup
Continuing from the previous post, Part 1, let's set up Azure Sentinel with a Log Analytics workspace. To set up Azure Sentinel, you need to attach it to a Log Analytics workspace. In my case, I have an existing workspace, called rkimOMS, that is already configured to collect diagnostic logs from an existing application gateway. Data Connectors …