A virtual machine must be running.
If the virtual machine is stopped, your deployment will fail.
Note: a charge applies.
Steps to Install Extension for Microsoft Antimalware
Select Virtual Machine > Extensions > New Resource > Microsoft Antimalware > Install Extension
Set the scan date and time. Scan time is set in minutes from midnight: 60 = 1am, 120 = 2am, etc.
Deployment in progress
Installed and Configuration completed
Stephen Hackers Completed the Course
Creating Security Baselines In Microsoft Azure
By Neil Morrissey
#AlwaysBeLearning #UpSkill #Azure #Security #CyberSecurity #PluralSight
How to prepare to collect security log data from your Azure Windows virtual machines. You require two things:
A Log Analytics workspace to be created
The agent to be installed on the virtual machine
This guide shows how to set up the workspace and install the agent on the virtual machine.
Create a Log Analytics Workspace
Pricing is pay as you go.
Next you connect to the data source
Click Virtual Machines > Select Virtual Machine and click Connect.
The agent is then automatically installed and ready to configure for the Log Analytics workspace.
Next, configure the workspace under Advanced settings. See the MS doc:
Quick Start Guide
Collect Windows event logs from a Windows VM
Click Data > Windows Event Logs.
Add an event log. For example, type System and then select “+”.
In the table, check the options Error and Warning.
Select Save at the top of the page to save the configuration.
This example shows how to assign a user or group a role to administer virtual machines in a resource group.
How-to steps:
Select “Resource Group” > IAM > Add > Select user or group and select a role > OK
Locking prevents the accidental deletion or modification of critical resources, for example an Azure subscription, resource group, network, files or VMs.
How to configure management locks to prevent the accidental deletion of core networks.
In this example we will put a “Delete” lock on a virtual network.
Virtual Network > Select the network > Locks > Add > Name + Set lock type to delete > Ok
To remove a lock, delete the lock.
Something I regularly do is review security against attacks and remediate if required.
This example is a simple SQL injection attack.
There are a few things in addition to code which can prevent, log or alert on this activity. Some examples are listed below:
Restrict special characters in usernames (this wouldn’t pass the “*”).
Software firewalls should block SQL injection (this blocks the Select statements).
ATP (Advanced Threat Protection) monitoring access to the SQL database will also alert (this can either log or block the traffic).
Example: Web Site – SQL injection in the username of a web portal
Username: “Select * From table 1”
Password: blank
Access denied. The potential loophole is blocked.
One of the many firewall rules in place blocks SQL injection, and the platform restricts special characters being used in usernames.
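The code-side controls alongside the platform ones above, as an added example that is not part of the original post: a username allow-list that rejects input such as the “Select * From table 1” test before any query is built, a parameterized lookup so the username is bound as data rather than parsed as SQL, and an audit list that a log or alert pipeline could consume. The users table, account names and passwords are constructed sample data; the SHA-256 placeholder stands in for a real salted, slow password hash.

```python
import hashlib
import re
import sqlite3

# Username rule: letters, digits and . _ - only, 1 to 64 characters.
# Anything else, such as 'Select * From table 1', is rejected before a query runs.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

# Constructed sample accounts (plaintext only to seed the demo database).
SAMPLE_ACCOUNTS = {"alice": "alice-sample-pass", "bob": "bob-sample-pass"}

# Audit trail of rejected attempts; an ATP/SIEM-style alert would read this.
REJECTED_ATTEMPTS: list = []


def hash_password(password: str) -> str:
    # Placeholder: a real system uses a salted, slow hash (PBKDF2, bcrypt, ...).
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def is_valid_username(username: str) -> bool:
    """True only if the whole string matches the allow-list pattern."""
    return USERNAME_RE.fullmatch(username) is not None


def build_db() -> sqlite3.Connection:
    """Create an in-memory users table seeded with the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(u, hash_password(p)) for u, p in SAMPLE_ACCOUNTS.items()])
    conn.commit()
    return conn


def login(conn: sqlite3.Connection, username: str, password: str) -> str:
    """Return 'ok' or 'denied'; rejected usernames are recorded for alerting."""
    if not is_valid_username(username):
        REJECTED_ATTEMPTS.append({"username": username, "reason": "invalid-username"})
        return "denied"
    if not password:
        return "denied"
    # Parameterized query: the driver binds the username as a value, never as SQL.
    row = conn.execute("SELECT pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None or row[0] != hash_password(password):
        return "denied"
    return "ok"
```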
We have a storage account, “StorageV2 (general purpose v2)”, and it can initially be accessed from all networks. We now want to restrict storage access to an approved network location.
Click on the storage account > Firewalls and virtual networks and click “Selected networks”.
You can allow access from virtual networks or allow access through the firewall. The example below adds a virtual network name and an external IP range. Then click Save.
How to maintain the patch status of your Windows and Linux machines
“You can use Update Management in Azure Automation to manage operating system updates for your Windows and Linux machines in Azure, in on-premises environments, and in other cloud environments.” (Microsoft)
To enable on a specific virtual machine in Azure
Note: you only pay for logs stored (Log Analytics).
Enabling the option can take up to 15 minutes.
Useful reference links
Bulk Add Azure VMs and Non Azure Machines
Create a monitoring alert on virtual machine CPU spike/usage.
You will need a virtual machine to monitor.
An action group set to send emails to admins.
For this example we have a Windows 10 virtual machine running in Azure that we want to monitor.
Click Alerts > + New Alert Rule
Select a condition > Percentage CPU
Define the Alert Logic > Done
Assign an action group which sends an email notification to a user when the alert is triggered.
Rule created and visible under Manage Alerts
How-to guide: in Azure, register an application in AD and generate an app password.
In the Azure portal, browse to Azure Active Directory > App Registrations
Enter Application details and account types
Next Click > Certificates & Secrets > New client secret
Enter a description and expiry > Click Add
Make sure to copy the value. You can then sign in as the application with the App ID and the secret value.