Installing Azure Security Center Agent on Linux Computer

You probably know that Security Center can monitor your Linux computers, right? You also know how to onboard non-Azure machines to Security Center, right? OK, now the question that I’ve received recently was: how can I install the Security Center Linux agent in my Linux computer? The steps documented in the article Connect your Linux Computers…


Using Azure Activity Log to query security alerts originated by Azure Security Center

By now you know that you can use Azure Security Center dashboard to visualize Security Alerts, and you can also use Log Analytics to query Security Alerts. Recently we also added the capability to visualize Security Alerts originated by Security Center from Azure Activity Log. For the example below I’m going to search for security…


Using Search in Security Center to find Indicators of Compromise

Indicators of Compromise (IoC) are individually-known malicious events that indicate that a network, or a computer has already been breached. You can find a lot of IoC at OpenIOC (www.openioc.org), such as the Zeus IoC. In some circumstances, the IoCs will indicate the existence of a particular file in the system, or the execution of…


Searching for suspicious user in Azure Security Center

Last September during my presentation with Meir at Ignite, we talked about how powerful the new search capability in Azure Security Center is, the integration with Log Analytics gives you total control, and flexibility to find what you really need.  But how to really use this? First step is to read our core documentation regarding Search…


Validating Connectivity with Azure Security Center

Azure Security Center is now hybrid, which means that you can connect computers that are located on-premises, and also in other cloud platforms such as AWS. This onboarding process is well documented in this article. The agent installation is pretty straight forward, and this agent is the same one used for OMS Security, which has versions for Windows and…


Ignite 2017 – Azure Security Center Domination!

I’ve been to all editions of Microsoft Ignite so far, 2015 in Chicago, 2016 in Atlanta, 2017 in Orlando, and I’ve never seen this level of excitement for Azure in general. Same applies to Azure Security Center, previous year was most likely: “What’s this Azure Security Center”, while this year was more like: “We are using Security…


Updates in Azure Security Center – September 2017 – Part 2

You thought we were done, didn’t you? Nope, it ain’t over yet, and here are the new articles that reflect new capabilities in Azure Security Center released today: Monitoring and processing security events Azure Security Center search Adaptive Application Controls in Azure Security Center (Preview) Partner and Solutions Integration in Azure Security Center That’s a…


Updates in Azure Security Center – September 2017

Today we are releasing a series of updates for Azure Security Center, and these updates are fully documented by our team. Make sure to check it out the articles that we just published: Onboarding to Azure Security Center Standard for enhanced security Data collection in Azure Security Center Threat Intelligence in Azure Security Center Monitoring…


Azure Security Center – June Updates

I would like to share with you some updates that we had during this month in the Azure Security Center documentation, which directly reflect some changes in this service. The main changes are: Platform Migration: Beginning in early June 2017, Azure Security Center rolls out important changes to the way security data is collected and stored. These…


Azure Security Center UI Update

If you are using Azure Security Center you probably noticed that yesterday the main dashboard was different, that’s right, it was updated. You can watch this short video below that I recorded with an explanation about these changes: We also updated our articles that were impacted by this UI change, such as the Security health monitoring…