security
33 Topics

WEF forwarding to Azure Security Centre / Log Analytics
Hello - I am hoping this is possible and a viable option. I currently use Windows Event Forwarding (WEF) with Winlogbeat sending events off to Elasticsearch. Epic, this works great, so why would I change this, right? Well, I want to use Azure Log Analytics for my search platform, because I enjoy Kusto QL, and I want to use Azure Security Centre and Sentinel. I already have Office 365 sign-in, audit and mailbox logs in Azure Log Analytics. Is it possible to simply stick the OMS agent on my WEC/WEF server and send events into my Log Analytics workspace? If not, what is the best practice (and MS solution) for Windows event management and analysis?

Secure score Power BI dashboard
We are following https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Secure%20Score to deploy the "secure score over time" dashboard for MDC. However, the deployment steps are very old, from when we had Azure Security Center instead of MDC, and the prerequisites are not properly documented. As per the article we need to: export the secure score data to a Log Analytics workspace by using the continuous export option in the MDC portal; deploy the "Secure Score over time" workbook, which can export the secure score data to the Log Analytics workspace (it is not clear whether this will pull reports every 24 hours, or what permissions are required on the Log Analytics workspace and to deploy the workbook). Do we need to export the secure score data to the same Log Analytics workspace on which MDC is deployed, or is a separate workspace needed? If MDC already uses a Log Analytics workspace in the backend to store the logs, then why can't we pull the secure score log data directly? Why do we need to export the secure score data to a Log Analytics workspace first and then connect it to the dashboard?

Survey: Endpoint Protection!
Hi Everyone, we need your feedback! Microsoft is actively investing in expanding endpoint protection in Azure Security Center. This is your opportunity to influence our thinking and priorities on where to invest. https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3Dv4j5cvGGr0GRqy180BHbR-kibZAPJAVBiU46J6wWF_5UNVhMOUkyRjc5UE5QSjc4MDVDQkozQUpGTS4u&data=02%7C01%7Cv-vakoli%40microsoft.com%7C7f27dae207ab471cf96408d71cf8e737%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637009727703595244&sdata=yN69tmUz8MrALj4WG165NOs7Mw8oTZaYXCoqZzcJzYE%3D&reserved=0 takes you to the quick, 3-question feedback form asking your opinion on a few topics. Note: no personal information is collected in this feedback form. Thank you!

Security alerts in Microsoft Defender for Cloud
Hello All, we have received the below security alerts in Microsoft Defender for Cloud for our App Service:
1) NMap scanning detected (for this we got the carrier and organization as Microsoft)
2) Vulnerability scanner detected
3) Suspicious User Agent detected
Our website is Internet facing (public facing), so we cannot put many restrictions on our App Service (e.g. IP restriction, SSL certificate). We are unable to investigate the above alerts. We checked the Log Analytics workspace logs and extracted the logs for the caller IP, but could not find much information in them. We also checked and found no impact on our web app. Is there any way by which we can investigate why these alerts got generated, and what next action can be taken on this?

Azure Security Center - Data collection - Can't connect Windows security events
Hi, when I try to configure my data collection in ASC (with a Standard tier), the "Windows security events" option is disabled; I can't select an option like "None", "Minimal", "Common" or "All". Do you have any ideas of what the problem can be? Thanks

Log Analytics workspace
Hello, can anyone help me understand the workspace used for Defender for Cloud? How do I identify which workspace Defender for Cloud is connected to? The older version of Defender for Cloud clearly mentioned the name of the workspace to which it is connected; the latest version just displays it as "Default Workspace" and not the actual name of the workspace, and there are multiple "Default workspaces" in a subscription/tenant. Thanks in advance.

Azure Security Center - Security offering for Azure Kubernetes Service is now generally available
We are very excited to share with you that the Azure Security Center offering for Azure Kubernetes Service is generally available! The popular, open source platform Kubernetes has been adopted so widely that it's now an industry standard for container orchestration. Despite this widespread implementation, there's still a lack of understanding regarding how to secure a Kubernetes environment. Defending the attack surfaces of a containerized application requires expertise to ensure the infrastructure is configured securely and constantly monitored for potential threats. With this native solution, Azure Security Center is expanding its container security features to protect Azure Kubernetes Service (AKS), providing an experience that blends into the Security Center cloud security suite and answers customer demand in the rapidly growing container security space. This is an important milestone on the journey towards providing Azure customers with a single pane of glass for CWP workloads. The new capabilities include:
Discovery and visibility - Continuous discovery of managed AKS instances within the subscriptions registered to Security Center.
Security recommendations - Actionable recommendations to help you comply with security best practices for AKS. These recommendations are included in your secure score to ensure they're viewed as a part of your organization's security posture. An example of an AKS-related recommendation you might see is "Role-based access control should be used to restrict access to a Kubernetes service cluster".
Threat protection - Through continuous analysis of your AKS deployment, Security Center alerts you to threats and malicious activity detected at the host and AKS cluster levels.
Additional information can be found here: Container security in Security Center; Azure Kubernetes Services integration with Security Center; Monitoring the security of your containers.

Azure Security Center Webinar: Secure Score
Want to learn about Secure Score in Azure Security Center? Join our webinar. Details and registration at https://aka.ms/ASCSSWebinar. Azure Secure Score is a simple but elegant tool that will help you improve your infrastructure security by identifying and ranking the highest-impact configuration changes you can make. We have recently introduced tools such as the "virtual analyst", which enable you to increase your Secure Score in an automated fashion. More details can be found at https://docs.microsoft.com/en-us/azure/security-center/security-center-secure-score. We are hosting two identical sessions at the following times: Tuesday, September 10, 2019 at 08:00 PT / 11:00 ET / 15:00 GMT, and Wednesday, September 11, 2019 at 09:00 GMT / 11:00 CEST / 17:00 HKT. Afterward, recordings will be posted to https://aka.ms/ASCRecordings. We hope you'll join us!

Blog | Malware Scanning for cloud storage GA pre-announcement | prevent malicious content distribution
Malware Scanning in Defender for Storage will be generally available (GA) for Azure Blob Storage on September 1, 2023. This add-on to Defender for Storage will be priced at $0.15 (USD) per GB of data scanned. Malware Scanning in Defender for Storage helps protect your Blob Storage accounts from malicious content by performing a full, built-in, agentless malware scan on uploaded content in near real time, using Microsoft Defender Antivirus capabilities. It scans all file types and allows you to detect and prevent malware distribution events. Read the full blog post: Malware Scanning for cloud storage GA pre-announcement | prevent malicious content distribution at scale (microsoft.com)