New Blog Post | New Detections for Azure Firewall in Azure Sentinel

Microsoft


New Detections for Azure Firewall in Azure Sentinel (microsoft.com): https://techcommunity.microsoft.com/t5/azure-network-security/new-detections-for-azure-firewall-in-azure-sentinel/ba-p/2244958

Readers of this post will hopefully be familiar with both Azure Firewall, which provides protection against network-based threats, and Azure Sentinel, which provides SIEM (security information and event management) and SOAR (security orchestration, automation, and response) capabilities. In this blog, we will discuss the new detections for Azure Firewall in Azure Sentinel. These new detections allow security teams to get Sentinel alerts when machines on the internal network attempt to query or connect to domain names or IP addresses on the internet that are associated with known IOCs, as defined in the detection rule query. A true positive detection should be treated as an indicator of compromise (IOC). Security incident response teams can then perform response and appropriate remediation actions based on these detection signals.
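As an added illustration of the kind of analytic rule the post describes (this is example KQL written for this page, not a query from the linked post or from Microsoft), the query below matches Azure Firewall application-rule logs against active domain indicators in Sentinel's ThreatIntelligenceIndicator table. It assumes Azure Firewall diagnostics land in the AzureDiagnostics table and that msg_s follows the documented "<protocol> request from <src>:<port> to <fqdn>:<port>. Action: <action>." shape; adjust the parse pattern if your tenant's log format differs.

```kql
// Added example (not from the original post). Assumptions: Azure Firewall
// diagnostic logs are in AzureDiagnostics, and msg_s has the documented
// "<protocol> request from <src>:<port> to <fqdn>:<port>. Action: <action>." layout.
let lookback = 1d;
// Current, non-expired TI domain indicators; keep only the newest copy of each indicator.
let ti_domains =
    ThreatIntelligenceIndicator
    | where TimeGenerated >= ago(30d)
    | where isnotempty(DomainName)
    | where Active == true and ExpirationDateTime > now()
    | summarize arg_max(TimeGenerated, *) by IndicatorId
    | project DomainName = tolower(DomainName), ConfidenceScore, ThreatType, Description;
AzureDiagnostics
| where TimeGenerated >= ago(lookback)
| where Category == "AzureFirewallApplicationRule"
// Pull source host and requested FQDN out of the free-text message field.
| parse msg_s with Protocol " request from " SourceIP ":" SourcePort " to " Fqdn ":" DestinationPort ". Action: " Action "." *
| where isnotempty(Fqdn)
| extend Fqdn = tolower(Fqdn)
// Inner join: only firewall events whose destination FQDN is a known indicator survive.
// Denied requests are kept on purpose: the attempt itself is the signal, not the outcome.
| join kind=inner ti_domains on $left.Fqdn == $right.DomainName
| summarize FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated),
            Hits = count(), Actions = make_set(Action)
    by SourceIP, Fqdn, ThreatType, ConfidenceScore, Description
| order by LastSeen desc
```

The same pattern applies to AzureFirewallNetworkRule events by parsing the destination IP from msg_s and joining on the indicator's NetworkIP instead of DomainName.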
