security automation blog

infernux.no

Templating Microsoft Sentinel Analytic Rules using Powershell and CI/CD pipelines

Using the Microsoft Sentinel API and Powershell we can download all the components we want and template them for deployment - this allows you to create Analytic Rules in the Azure Portal and deploy them to multiple customers using CI/CD pipelines.

Posted on September 15, 2022

Tags: Microsoft Sentinel, Azure DevOps, Analytic Rules, Powershell, Microsoft Sentinel API, ARM-templates

Adding a Key Vault to your Microsoft Sentinel Data Connector ARM-template

A subset of Data Connectors for Sentinel come in the form of Azure Functions deployed using an ARM-template. Most, if not all, of these functions avoid actually implementing a Key Vault to secure your variables, so here are the snippets to implement it yourself.

Posted on September 12, 2022

Tags: Microsoft Sentinel, ARM-templates, Azure Functions, Data connectors, Key vault

Hardening Azure Active Directory

Going over some attack paths for Azure Active Directory (that I know of) and how to harden your environment to avoid exploitation (or just minimize the risk slightly). The focus for this post is app registrations and basic enumeration.

Posted on September 11, 2022

Tags: Microsoft Sentinel, Azure Active Directory, Hardening, Logging, App registration, Enterprise applications, Consent

Auditing Microsoft Sentinel queries in an Azure Lighthouse-environment

Quick introduction to auditing Microsoft Sentinel queries in a cross-tenant scenario - and some things to be aware of.

Posted on August 25, 2022

Tags: Microsoft Sentinel, Azure Lighthouse, LAQueryLogs, AzureActivity, Audit

Assign roles to managed identities in Microsoft Sentinel playbooks using Azure Lighthouse

Grant access via Azure Lighthouse using User Access Administrator delegation, ARM-templates, pipelines and PowerShell.

Posted on July 6, 2022

Tags: Azure REST API, Microsoft Sentinel, Azure Lighthouse, ARM Template, PowerShell, Managed Identity, User Access Administrator

infernuxmonster  •  2023  •  Infernux.no
