Intro
Azure resources such as Azure Virtual Machines, Azure Storage Accounts, Azure Key Vault, Azure DNS, and more are essential parts of your network. Threat actors might attempt to obtain sensitive data from your storage account, gain access to your key vault and the secrets it contains, or infect your virtual machine with malware. The new Azure resource entity pages are designed to help your SOC investigate incidents that involve Azure resources in your environment, hunt for potential attacks, and assess risk.
What's in it for me
You can now gain a 360-degree view of your resource security with the new entity pages, which provide several layers of security information about your resources.
First, they provide some basic details about the resource: where it is located, when it was created, to which resource group it belongs, the Azure tags it contains, etc. Further, it surfaces information about access management: how many owners, contributors, and other roles are authorized to access the resource, and what networks are allowed access to it; what is the permission model of the key vault, is public access to blobs allowed in the storage account, and more.
The pages also include a few integrations that enrich the information about the resource:
You will also find two additional features on the entity page:
Scope of the feature
While most of the information described above applies to all resources, we provided more detailed information about virtual machines, key vaults, and storage accounts based on possible attack vectors. Later, we will expand to other resources as well.
What’s next?
We plan to add more relevant data to the pages, including advanced insights.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.