Azure on sekureco42

Split log streams into Analytics and Auxiliary Table

Fri, 22 Nov 2024 16:34:12 +0100

In the last article we found out that KQL transformation at ingestion time is not available for Auxiliary Logs. But in real cases you want to have the ability to send selective log lines to Analytics while sending the rest to Auxiliary. In this article we will discover the possibilities.

Remap column names in Data Collection Rules (DCR)

Thu, 21 Nov 2024 07:46:12 +0100

In real world scenarios you have a data source with field names which are not identical to those in your table. Beside of renaming the fields in your agent which sending logs also Data Collection Rules provide the ability to map fields with transformkql.

Auxiliary Logs in Azure Log Analytics

Wed, 13 Nov 2024 17:29:12 +0100

Microsoft provides a new type of Log Analytics tables called Auxiliary Logs. Currently this is in Public Preview and I did some lab testing which I documented in this blog post.

Enterprise Attack Surface Management (EASM) - Summary

Tue, 14 May 2024 13:12:15 +0100

Microsoft provides an Enterprise Attack Surface Management (EASM) tool. In this blog series I want to disover the tool and the possibilities. This is part 3 of this series and covers my conclusions.

Enterprise Attack Surface Management (EASM) - Tuning

Thu, 09 May 2024 14:29:15 +0100

Microsoft provides an Enterprise Attack Surface Management (EASM) tool. In this blog series I want to disover the tool and the possibilities. This is part 2 of this series and covers tuning..

Enterprise Attack Surface Management (EASM) - Activation and a first look

Thu, 02 May 2024 18:29:15 +0100

Microsoft provides an Enterprise Attack Surface Management (EASM) tool. In this blog series I want to disover the tool and the possibilities. This is part 1 of an upcoming series.

Azure Batch and how to avoid misuse

Tue, 23 Apr 2024 18:22:15 +0100

Azure Batch is quite powerful tool if you want to scale compute intensive tasks in your environment due it lets you manage scaled workload in Azure. This article will present counter measure to reduce the risk of misuse.

Microsoft Defender for Office 365 & Least Privileges

Thu, 12 Oct 2023 18:22:15 +0100

If using Microsoft Defender for Office 365 (MDO) as a Security Analyst and want to mitigate stuff (eg. add a domain to the Tenant Level Allow/Block list) you have an issue with the current role model Microsoft provides.

Microsoft Defender for Endpoint Asset Rules

Wed, 09 Aug 2023 15:55:15 +0100

If using Microsoft Defender for Endpoint (MDE) often you need to tag devices according some rules. In the past this was a manual task or you automated it by using the API. Now Microsoft provides a way to tag systems automatically according rules.

Add automatically Catch-All addresses as Send-from addresses in Exchange Online

Wed, 19 Apr 2023 07:59:15 +0100

In previous post I wrote about several possibilities to automate tasks in Azure. In this post I will show you an additional possibility to automate tasks in a cloud native environment with the help of Automation Account.

Microsoft Defender for Endpoint API with Logic App

Mon, 20 Mar 2023 20:06:15 +0100

In another post I already wrote about managed identities and using API. There I also showed how to adapt the required permissions. In this post you will see how to set up required permissions for Microsoft Defender for Endpoint (internally called WindowsDefenderATP).

Graph API with Logic App

Wed, 15 Mar 2023 07:51:15 +0100

In the first part of this serie we checked the basics of the Graph API. Now in this part we will use Logic App to query the API. This opens new way to automate tasks.

Nextcloud SSO with Azure Active Directory (AAD)

Wed, 22 Feb 2023 11:00:15 +0100

Nextcloud is a file sharing platform like Sharepoint. Providing SSO for this application for your Azure Active Directory users is easy - especially if you know which SAML properties you have to setup on both ends, Nextcloud and AAD. This article shows you how to do it.

Azure Cross Tenant MFA Trust Settings

Fri, 17 Feb 2023 09:57:15 +0100

To have MFA enabled also in a B2B scenario is important. But it could lead to two MFA prompts which could lead to the MFA fatigue syndrom. In this post I will show you how you could reduce MFA prompts.

Azure Application Proxy

Wed, 08 Feb 2023 15:23:15 +0100

Azure has a nice solution to bring on-prem web based applications safely into the internet: Application Proxy is the solution.

Introduction

Often companies have on-prem web applications which should be accessible by Azure users. Azure provides a possiblity to bring such applications savely to the internet. The solution is called Application Proxy.

Graph API with PowerShell

Thu, 19 Jan 2023 15:07:15 +0100

In the first part of this serie we checked the basics of the Graph API. Now in this part we will use a dedicated PowerShell module to explore the API further more.

Graph API Introduction

Thu, 19 Jan 2023 14:07:15 +0100

If you are using Microsoft Azure - more specifically the SaaS products like Exchange Online, SharePoint Online or Teams you have the opportunity to get many information through the Graph API. In this article you will get a short introduction into the Graph API.