Exploring Notable Events in Security Incidents

Azure Security Center can identify threats that may compromise your system in different phases of the kill chain. Security Center uses different detection capabilities before triggering an alert, and the content of the alert can also vary according to its type. If Security Center identifies that there is a correlation between…


Azure Advisor Integration with Azure Security Center

First of all, Azure Advisor is super cool; it’s basically a one-stop shop for recommendations regarding high availability, security, performance, and cost of your Azure environment. If you have never visited this dashboard, make sure to check it out. The other cool thing is that the security recommendations are fully integrated with Azure Security Center. When you click…


Detecting attempts to run untrusted code by using trusted executables in Azure Security Center

In February 2017, FireEye documented a sophisticated spear phishing campaign targeting individuals within the Mongolian government. In the initial part of this attack, the attackers bypassed AppLocker restrictions by using Regsvr32.exe, which enabled them to run untrusted code. This technique was used in many other attack campaigns. By using virtual machine behavioral analysis, Security…


Creating Custom Notable Event in Azure Security Center

In Azure Security Center you can use the Events dashboard to see the security events (including Windows Firewall) collected over time. The visualization of security events over time can be very useful for observing patterns and for getting a snapshot of the environment. You can also use this information when performing an…


Hybrid Cloud Workload Protection with Azure Security Center

In case you missed it due to the holidays, we released a new Microsoft Virtual Academy fully dedicated to Azure Security Center. In this MVA, Ty Balascio and I cover the following content: 1 | Getting Started with Azure Security Center: Learn about the current threat landscape and how Azure Security Center can enhance your security…