Enable Bring Your Own License (BYOL)
A customer uses Bring your own license (BYOL) capability, which is being deprecated, to deploy Qualys extension in their VMs. They are questioning about the deprecation, this deprecation implicates the deploy won't be more available, but what happen with the machines already has deployed the Qualys extension? Will the extension be removed from machines, since it was deployed via BYOL? Or after deprecated the extension continues working for the already deployed machines?
KQL Secure score controls and Assessments
I have a query that is working but is not producing what I need. a query that will combine the Recommedation categories( 13 listed under the Classic View in recommendations) and the individual assessments associated to those categories: securityresources | where type == "microsoft.security/securescores/securescorecontrols" | extend category_name = tostring(properties.displayName) //category name | extend Tenant_Id=tostring(tenantId) | extend healthy = properties.healthyResourceCount | extend unhealthy = properties.unhealthyResourceCount | extend notApplicable = properties.notApplicableResourceCount | extend score = properties.score | extend scr= parse_json(score) | project category_name, healthy, unhealthy, notApplicable, CurrentScore=scr.current, MaxScore=scr.max, Tenant_Id | join ( securityresources | where type == "microsoft.security/assessments" | extend assessment_name = tostring(properties.displayName) //assessment name | extend Tenant_Id=tostring(tenantId) | extend resourceName = properties.resourceDetails.ResourceName | extend status = properties.status.code | extend metadata = properties.metadata | extend severity = metadata.severity | project assessment_name, resourceName, status, severity, Tenant_Id ) on Tenant_Id | project category_name, assessment_name, resourceName, status, severity, healthy, unhealthy, notApplicable, CurrentScore, MaxScore,Tenant_Id This is a work in progress script, I do get a valid script but I know it is not working like I need it to work. For example, when I run this script, I get for "assessment_name: EDR solution should be installed on Virtual Machines" but for the "category_name" I get "Restrict unauthorized network access". It should be category_name = Enable endpoint protection. I'm trying to find a valid join field but not getting it correctly. Perhaps I need to add anothere "Type" but I'm not sure which. Please advise, Serge
New Blog| Defender for APIs Better Together w/ Azure Web Application Firewall + Azure API Management
Under the Microsoft Defender for Cloud umbrella, Microsoft Defender for APIs, offers protection for APIs at every stage of their lifecycle. This service enhances the protections from Web Application Firewalls and API Gateways, resulting in a comprehensive security framework for API endpoints. This article dives deeper into how Defender for APIs augments the security offered by Azure Web Application Firewall (Azure WAF) and Azure API Management (APIM). Read the full blog here: Defender for APIs Better Together with WAF and APIM (microsoft.com)New Blog Post | Defender for DevOps - Configuration of DevOps Pipeline Classic and YAML method
Full blog post: Defender for DevOps - Configuration of DevOps Pipeline Classic and YAML method - Microsoft Community Hub Microsoft Defender for DevOps shows the security posture of pre-production application code and resource configurations. Security teams can use the service to enable security checks for their templates and container images designed to minimize the chance that cloud misconfigurations reach production environments. Leveraging [insights] within Microsoft Defender for Cloud, security admins can help developers prioritize critical code fixes with actionable remediation and assign developer ownership by triggering custom workflows. Defender for DevOps uses a central console to empower security teams with the ability to protect applications and resources from code to cloud across multi-pipeline environments, such as GitHub, Azure DevOps and more to come. With an intent to help Security admins and developers, Azure DevOps provides two ways of configuration today. In this article we want to walk you through the configuration of Azure DevOps pipelines via the classic UI and YAML. Original post: New Blog Post | Defender for DevOps - Configuration of DevOps Pipeline Classic and YAML method - Microsoft Community Hub
Log Analytics workspace
Hello, can anyone help me understand the workspace used for Defender for Cloud How to identify which workspace is Defender for cloud connected to, older version of Defender for cloud has clear mention of the workspace name to which it is connected, the latest version just displays it as "Default Workspace" not the actual name of the workspace, as there are multiple "Default workspaces" in a subscription/Tenant. Thanks in Adv.ASC | New blog on Fileless Attack Detection for Linux Preview is expanding
The Azure Security Center team is excited to share that the Fileless Attack Detection for Linux Preview, which we announced earlier this year, is expanding to include all Azure VMs and non-Azure machines enrolled in Azure Security Center Standard and Standard Trial pricing tiers. This solution periodically scans your machine and extracts insights directly from the memory of processes. For more details please continue on the blog here.ASC Public Preview Announcement: ATP for Azure Storage extends its support to ADLS Gen2 API
We are happy to inform you that advanced threat protection for Azure Storage now supports Azure Data Lake Storage Gen2 API in public preview. What’s new in ATP for ADLS Gen2? Azure Data Lake Storage Gen2 (ADLS Gen2) is a set of capabilities dedicated to big data analytics. It’s built on Azure Blob storage, while focusing on performance, management and security. ADLS Gen2 was designed from the start to service multiple petabytes of information while sustaining hundreds of gigabits of throughput. For details please refer to the blog.
