Microsoft Defender for API Security Dashboard
Microsoft Defender for APIs is a plan provided by Microsoft Defender for Cloud that offers full lifecycle protection, detection, and response coverage for APIs. Defender for APIs is currently in public preview and currently provides security for APIs published in Azure API Management. Microsoft Defender for API plan provides us with amazing capabilities like, giving security admins the visibility to their business-critical managed APIs, provides you with security findings to investigate and improve your API security posture, also provides you with sensitive-data classification (API data classification) where the plan classifies APIs that are exposing, receiving or responding with sensitive data, also comes with real-time threat detection that generates alerts for suspicious activities. Defender for API plan continuously assesses the configurations of your managed APIs and compares them with the best practices and finds misconfigurations which generates security recommendations that will be published on Defender for Cloud's Recommendations page. As you can imagine, that’s a lot of information to keep track. So we wanted to provide you with a single-pane of glass view to help view all the findings associated with the Defender for APIs plan. With this blog, we are introducing you to Microsoft Defender for API Security Dashboard, that provides representation of the security posture of your API’s in different pivots that help you understand the overall security findings, threats in your environment and how to prioritize them. What’s in the Dashboard Defender for API Security dashboard is a workbook that provides a unified view and deep visibility into the issues. This workbook allows you to visualize the state of your API posture for the API endpoints that you have onboarded to Defender for APIs to better understand your unhealthy recommendations and the identified data classifications, authorization status, usage, and exposure of your APIs. You can also investigate detected threats on affected API resources, including the most affected API collections and endpoints, the top alert types, and progression of alerts over time. Pie-Charts & Details Example Overview: The overview section contains six pie-charts that represents the total number of alerts and how they map to the MITRE ATT&CK Tactics, security recommendations, coverage for API endpoints, and coverage for different subscriptions that you have access to. Hardening Recommendations: To drill into security recommendations, select the Hardening Recommendations tab. On this tab, you can investigate your unhealthy recommendations by severity level, see all affected resources, and get security insights such as unauthorized API endpoints that are externally facing and transfer sensitive data. Threat Detection – Alerts The Alerts tab displays your top 10 alerts type, a list of your affected resources, active alerts on selected resources, alerts over time, and a map of your affected APIs. Note You must enable Defender for APIs and onboard API endpoints in order to utilize this workbook How to Deploy Great News...!! This workbook is built into Microsoft Defender for Cloud portal. In the Azure portal > Navigate to Microsoft Defender for Cloud > Workbooks Additional Resources To learn more about Microsoft Defender for API offering, make sure to check out our documentation We are eager to hear your feedback on your experience with Defender for API capabilities. Please take sometime to fill in the survey Learn about API Security Alerts Learn about API Security Recommendations
Microsoft Defender for Cloud Onboarding workbook V2
The Defender for Cloud Onboarding Workbook V2 is the latest version of this workbook that was originally published August 2022. You can read more about the purpose of this workbook in this post. What’s New: The Defender Plans Onboarded Tab - displays the subscriptions that are onboarded to a Defender plan, status of the Defender Plan, and the resources deployed in the subscription. You can click on the status of the Defender Plan to On / Off on the subscription. You will be directed to the Defender Plans Blade on your selected Subscription. You can notice the status of each Defender Plan is On/Off, and the Resource quantity column displays the Resources deployed in the subscription. You can edit the status of the selected Defender Plan from here and click on save. Please be noted that Foundational CSPM is by default “On” on all subscriptions. The CSPM Tab - displays the subscriptions that are onboarded to a Defender for Cloud, status of the Defender CSPM Plan on the subscription, and the resources deployed in the subscription. You can click on the status of the Defender Plan to On/Off on the subscription. The Agentless Capabilities covered under Defender CSPM displays the Status is On/Off. “Not Available” indicates the required Defender Plan is not enabled, and hence the capability is not available. You can click on the On/Off status on the subscription to edit the Agentless capability. Edit the Status On/Off, and click “Continue” and “Save” the settings The API Tab - displays the subscriptions that are onboarded to a Defender for Cloud, status of the Defender for APIs Plan on the subscription, and the APIM resources deployed in the subscription. You can click on the status of the Defender Plan to On/Off on the subscription. The APIM resources overview displays the APIM resources deployed in the subscription, and their Public Network Access is Enabled/Disabled, and if the APIM is deployed into a VNET. The Onboard API collections displays if all the API collections in an APIM are onboarded to Defender for APIs. Click on “Not Onboarded” to onboard the API collection. You are directed to the assessment “Azure API Management APIs should be onboarded to Defender for APIs”. Select the API Endpoints under the Unhealthy resources and click on “Fix” The Storage Tab - displays the subscriptions that are onboarded to a Defender for Cloud, status of the Defender for Storage Plan on the subscription, and the Storage Account resources deployed in the subscription. You can click on the status of the Defender Plan to On/Off on the subscription. The Agentless capabilities like Data Sensitivity Discovery, Malware Scanning are only available with the DefenderForStorageV2Plan. “Not Available” indicates that the required plan is not enabled. The Containers Tab - displays the subscriptions that are onboarded to a Defender for Cloud, status of the Defender for Containers Plan on the subscription, and the Container resources deployed in the subscription. You can click on the status of the Defender Plan to On/Off on the subscription. The Agentless capability Container Registries VA is available with both the Defender For Containers Plan and Defender CSPM Plan. “Not Available” indicates that the required plan is not enabled. The Devops Tab - displays the Github Connectors and Azure Devops Connectors onboarded to the subscription The Github repositories that need to be enabled for Code Scanning, Secret scanning, Depandabot scanning are displayed. Click on “Unhealthy” status to enable scanning. You are directed to the relevant Recommendation. Select the Unhealthy resources and assign Owner to remediate the Recommendation. The AWS Tab - displays the the AWS Connectors deployed in the subscription, yhe status of the Defender Plans on the AWS Connector. You can click on the status of the Defender Plan to On/Off on the Connector. AWS Agentless capabilities like "Agentless VM scanning", "Data Sensitivity Discovery" are displayed. You are directed to the AWS Defender plans blade. You can edit the Defender plan on the AWS connector and click on “Configure access” When the Defender Plan settings are edited on the AWS connector, you need to download the cloud formation template and update the AWS environment. This is a required step to reflect your changes on the AWS connector, to the AWS environment. The GCP Tab - displays the the GCP Connectors deployed in the subscription, the status of the Defender Plans on the GCP Connector. You can click on the status of the Defender Plan to On/Off on the Connector. You are directed to the GCP Defender plans blade. You can edit the Defender plan on the GCP connector and click on “Configure access” and “Update” How to Deploy The Defender for Cloud Onboarding Workbook is available in the Microsoft Defender for Cloud GitHub Repo page, under Workbooks and can be accessed directly with its Defender for Cloud Onboarding Workbook V2 The workbook can be deployed quickly in the Azure Commercial and Gov cloud environments by clicking the respective “Deploy to Azure” buttons on the workbook page. Additional Resources To learn more about Microsoft Defender for Cloud, visit: https://aka.ms/ascninja To learn about Microsoft Defender for Cloud workbooks, visit: https://docs.microsoft.com/en-us/azure/security-center/custom-dashboards-azure-workbooks Acknowledgements Many thanks to Yuri Diogenes & Safeena Begum in supporting my initiative and suggesting feedbacks.Protect Against OWASP API Top 10 Security Risks Using Defender for APIs
The OWASP API Security Project focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of APIs. In this post, we'll dive into how Defender for APIs (a plan provided by Microsoft Defender for Cloud) provides security coverage for the OWASP API Top 10 security risks.
