New Blog Post | Automating bulk onboarding of Azure IaaS and PaaS resources into Microsoft Sentinel


Automating bulk onboarding of Azure IaaS and PaaS resources into Microsoft Sentinel - Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/automating-bulk-onboarding-of-azure-iaas-and-paas-resources-into/ba-p/3356727?WT.mc_id=modinfra-67219-rotrent

This blog was authored in collaboration with @Inwafula.

In recent years, cloud computing has grown by leaps and bounds due to its flexibility and agility in supporting business goals. Not surprisingly, the cloud also presents an equally attractive target for cyber attackers. This blog will focus on two key challenges for the security monitoring of IaaS and PaaS resources on Azure:

  1. Securing the current IaaS and PaaS digital estate by onboarding it into Microsoft Sentinel in bulk
  2. Automating the onboarding of newly created resources into Microsoft Sentinel

To address these challenges, the blog will cover the end-to-end process of onboarding Azure IaaS and PaaS resources into Log Analytics, enabling the related analytics (detection) rules and workbooks (dashboards), and then attaching automation playbooks to perform automatic remediation and SOC process activities.


Process Flow:

1. Onboard Azure IaaS and PaaS resources into a Log Analytics workspace enabled for Microsoft Sentinel.

2. Enable the built-in analytics rules associated with those resources, along with customized ones.

3. Create custom analytics rules.

4. Attach automation playbooks to the analytics rules.

5. Enable the workbooks available out of the box.
