Creating Custom Notable Event in Azure Security Center

In Azure Security Center you can use the Events dashboard to see the security events (including Windows Firewall) collected over time: The visualization of security events over time can be very useful for you to observe some patterns, and to have a snapshot of the environment. You can also use this information when performing an…


Exporting Computers that are not Compliant with Security Baseline Recommendations in Azure Security Center

To enhance your security posture you must ensure that your computers are using the appropriate secure configuration, which may vary according to its role, for example: Web Servers will have a different security baseline compare to File Servers. In Security Center you can see the current security state of your computers by using the Security…


Installing Azure Security Center Agent on Linux Computer

You probably know that Security Center can monitor your Linux computers, right? You also know how to onboard non-Azure machines to Security Center, right? OK, now the question that I’ve received recently was: how can I install the Security Center Linux agent in my Linux computer? The steps documented in the article Connect your Linux Computers…


Using Azure Activity Log to query security alerts originated by Azure Security Center

By now you know that you can use Azure Security Center dashboard to visualize Security Alerts, and you can also use Log Analytics to query Security Alerts. Recently we also added the capability to visualize Security Alerts originated by Security Center from Azure Activity Log. For the example below I’m going to search for security…


Incident Response in Hybrid Cloud

I had a great time yesterday at Hacker Halted, my presentation was packed with great security professionals, great questions, and the networking was outstanding. My deck available here (in PDF format), and if you attended the session, make sure to connect with me via LinkedIn.


Ignite 2017 – Azure Security Center Domination!

I’ve been to all editions of Microsoft Ignite so far, 2015 in Chicago, 2016 in Atlanta, 2017 in Orlando, and I’ve never seen this level of excitement for Azure in general. Same applies to Azure Security Center, previous year was most likely: “What’s this Azure Security Center”, while this year was more like: “We are using Security…


Updates in Azure Security Center – September 2017 – Part 3

Here another wave of new features that were released today, this time in public preview, but fully documented below: Investigate Incidents and Alerts in Azure Security Center (Preview) Custom Alert Rules in Azure Security Center (Preview) Security Playbook in Azure Security Center (Preview) If you are planning to go to Ignite next week, here are…


Updates in Azure Security Center – September 2017 – Part 2

You thought we were done, didn’t you? Nope, it ain’t over yet, and here are the new articles that reflect new capabilities in Azure Security Center released today: Monitoring and processing security events Azure Security Center search Adaptive Application Controls in Azure Security Center (Preview) Partner and Solutions Integration in Azure Security Center That’s a…


Updates in Azure Security Center – September 2017

Today we are releasing a series of updates for Azure Security Center, and these updates are fully documented by our team. Make sure to check it out the articles that we just published: Onboarding to Azure Security Center Standard for enhanced security Data collection in Azure Security Center Threat Intelligence in Azure Security Center Monitoring…


Azure Information Protection Scenarios

Just a quick follow up on my post about the demo video series from the Enterprise Mobility + Security Team, the following demos are going to cover the Information Protection space. The first one below shows how automatic classification of documents based on the data classification policies an organization is triggered: The next one shows a…