DevOps
31 Topics

Using Defender XDR Portal to hunt for Kubernetes security issues
In the last article, we showed how to leverage binary drift detection. In this article (Part 2 of the Series) we will build on that capability using Defender XDR Portal. This article will walk you through some starter queries to augment the Defender for Container alerts and show you a quick way to hunt without requiring you to have an in-depth understanding of Kubernetes. To recap the series:
Part 1: Newest detection “binary drift” and how you can expand the capability using Microsoft XDR Portal https://learn.microsoft.com/en-us/defender-xdr/microsoft-365-defender-portal. We will also look at what you get as a result of native integration between Defender for Cloud and Microsoft XDR. We will also showcase why this integration is advantageous for your SOC teams.
Part 2 [current]: Further expanding on the integration capabilities, we will demonstrate how you can automate your hunts using Custom Detection Rules https://learn.microsoft.com/en-us/defender-xdr/custom-detection-rules, reducing operational burden and allowing you to proactively detect Kubernetes security issues. Wherever applicable, we will also suggest an alternative way to perform the detection.
Part 3: Bringing AI to your advantage, we will show how you can leverage Security Copilot both in Defender for Cloud and XDR portal for Kubernetes security use cases.

Leveraging Azure native tooling to hunt Kubernetes security issues
This series shows you how you can maximize your investments in Microsoft Security tools by leveraging XDR Portal and Defender for Kubernetes to hunt for security issues. If you are on a red team, this article will shorten your learning curve by allowing you to identify security issues using KQL with Container Security Alerts. This series is part of the “Security using Azure Native services” series and assumes that you are following the series “A guide to using Microsoft Sentinel for monitoring the security of your containerized applications and orchestration platforms” https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/setting-up-sentinel-for-kubernetes-monitoring/ba-p/41185932.4KViews0likes0Comments

Microsoft Defender for Cloud Extends Support to Enable Increased API Security Testing Visibility
At Microsoft Ignite 2023, Microsoft Defender for Cloud announced the support of API security testing integration, enabling Defender for Cloud to provide full lifecycle API protection from code to cloud, which makes Microsoft the only cloud provider that enables organizations to assess risk and address API threats across the entire cloud application lifecycle. Today, we’re happy to announce this support has been extended to two additional API security testing solutions and is currently in public preview. Additionally, we’re thrilled to share that support of Azure DevOps environments is in public preview. Customers can now choose from a variety of API security testing solutions in the and integrate the solutions within their DevOps pipelines, allowing security teams to have centralized visibility of the assessed API security posture within Defender for Cloud. Supported solutions now include 42Crunch, Bright Security, and StackHawk.

End to end container security with unified SOC experience
In the dynamic landscape of cloud security, the journey from code to runtime protection is a narrative of innovation and adaptation. At the heart of this evolution lies Microsoft Defender for Cloud, a CNAPP solution designed to fortify multi-cloud environments seamlessly. Today we are announcing recent releases and enhancements for container security in Defender for Cloud with the general availability of Defender for Containers in AWS and GCP, containers risk-based prioritization, attack path analysis, Kubernetes identity monitoring, new eBPF sensor, detections and investigation capabilities. This article delves into the story of Microsoft Defender for Cloud’s recent capabilities across different stages of container applications deployment lifecycle.