Integrating Azure Function with Azure Security Center Playbook

The Playbook feature in Azure Security Center leverages Azure Logic Apps to create a comprehensive workflow that can be used to aggregate a set of procedures to be executed when a certain condition takes place. The demo that I presented at Ignite 2007 shows the integration with Slack, and how the Security Center alert can…


Testing Azure Security Center Detections Capabilities

When you first onboard your VMs/Computers in Azure Security Center, and the Microsoft Monitoring Agent is fully installed in the target systems, you may see some security recommendations for your workloads. This initial security assessment is very important, and usually it doesn’t take long for Security Center to provide a good picture of how secure…


Exploring Notable Events in Security Incidents

Azure Security Center is able to identify threats that may compromise your system in different phases of the kill chain. Security Center will use different detection capabilities prior to trigger an alert, and the content of this alert can also vary according to its type. If Security Center identifies that there is a correlation between…


Azure Advisor Integration with Azure Security Center

First of all, Azure Advisor is super cool, it’s basically one-stop-shop for recommendations regarding high availability, security, performance, and cost of your Azure environment. If you never visited this dashboard, make sure to check it out:  The other cool thing is that the security recommendations is fully integrated with Azure Security Center. When you click…


Detecting attempts to run untrusted code by using trusted executables in Azure Security Center

In February 2017, FireEye documented a sophisticated spear phishing campaign targeting individuals within the Mongolian government. In the initial part of this attack, they were bypassing AppLocker restrictions by using Regsrv32.exe, which enables the attacker to run untrusted code. This technique was used in many others attack campaigns.  By using virtual machine behavioral analysis, Security…


Creating Custom Notable Event in Azure Security Center

In Azure Security Center you can use the Events dashboard to see the security events (including Windows Firewall) collected over time: The visualization of security events over time can be very useful for you to observe some patterns, and to have a snapshot of the environment. You can also use this information when performing an…


Hybrid Cloud Workload Protection with Azure Security Center

In case you missed due the holidays, we released a new Microsoft Virtual Academy fully dedicated to Azure Security Center. In this MVA, Ty Balascio and I are covering the following content: 1 | Getting Started with Azure Security Center Learn about the current threat landscape and how Azure Security Center can enhance your security…


Exporting Computers that are not Compliant with Security Baseline Recommendations in Azure Security Center

To enhance your security posture you must ensure that your computers are using the appropriate secure configuration, which may vary according to its role, for example: Web Servers will have a different security baseline compare to File Servers. In Security Center you can see the current security state of your computers by using the Security…


Azure Security Center Overview Page Updated

If you are using Azure Security Center, and you use the Overview page as your main dashboard, you are used to this layout: This week we had a small update on this page, and the Advanced Cloud Defense was removed from this page, as you can see the latest screen below: Nothing really change as…


Azure Security Center User Voice

I started working with Azure Security Center in July 2015 when it was still only available for some private preview customers. In December 2nd 2015 we officially announced that Security Center was available. The amount of changes since day 1 were absolutely incredible, and Security Center continues to evolve to address new threats, and new…