Blogs by Ashwin

  To read part 1 please click  here Traffic Manager A DNA-based traffic load balancer Azure Traffic Manager enables you to distribute the traffic in the most favorable way to the services across global Azure regions, while readily offering high availability and responsiveness. It provides a vast range of traffic-routing methods and endpoint monitoring options that suits different application needs as well as automatic failover models which makes it resilient to any kind of failure, including the failure of an entire Azure region.  Routing Azure implements a default routing configuration granting basic connectivity, ability to reach the internet and to communicate with the other resources on the same or directly connected virtual; networks. This default configuration can be modified in the following ways: Creating user-defined routes, which are known as the route tables with one or more rules altering the default routing behavior as well as associate them with virtual netw...

  To read part 2 please click  here Azure Virtual Networks Azure Virtual Networks provides direct, private IP-based connectivity between network-attached resources, like Azure VMs while supporting Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).  A virtual network consists of one or more subnets which can easily facilitates segmentation of networks, providing a means of controlling communication network resources. VMs generally uses a virtual network adapter to attach to a subnet to communicate with the other VMs as well as the other network resources like load balancers or gateways. The maximum number of network adapters that you can use depends on its size.  IP Addressing A unique private IP address is generally allotted to a network adapter of a VM, an internal Azure load balancer, or an application gateway from the IP address range of the subnet to which they are connected. Most of the Azure resource...

  Azure Storage Types You can use Azure Storage Service to store unstructured and partially structured data while creating an Azure Storage Account which is capable of hosting different types of following objects: Blobs- These typically represents unstructured files such as media content, virtual machine disks, backups, or logs while offering a locking mechanism, which facilitates exclusive file access that IaaS VMs requires. There are three types of blobs. The first one, known as a block blob, is the most effectively used for sequential access, which is ideal for media content. The second one, referred to as a page blob, provides superior random-access capabilities, which is the best suited for VM disks. The third one, referred to as an append blob, supports data append operations, without the need to modify existing content. This works the best with logging and auditing activities. Tables- These hosts non-relational and partially structured content consisting of multiple rows of ...

  Azure for SAP Workloads Whenever you use Microsoft Azure, you can easily run SAP applications across the development, test as well as teh production scenarios in Azure, while readily taking advantage of its scalability, flexibility, and cost savings. With the expanded partnership between Microsoft and SAP, you can be fully supported on every platform. Azure can be considered unique for SAP HANA as it enables hosting more memory and CPU resource in the scenarios involving SAP HANA, while offering the use of customer-dedicated bare-metal hardware.  SAP and Microsoft have a strong partnership along with a long history of working together that has mutual benefits for the customers. Microsoft is providing constantly updated platform and new certification details to SAP ensuring that Microsoft Azure is the best platform to run your SAP workloads. Azure Virtual Machines (VMs) Azure VMs consists of the primary Infrastructure as a Service (IaaS) compute service offerings available in...

 Access Azure Sentinel Data with External Tools Azure Sentinel's foundation is based on the Log Analytics Data Store, which is capable of combining the high-performance querying, dynamic schema, and scales to massive data volumes. The Azure portal and all the other Azure Sentinel tools always uses a standard API to access this data store which is also available for external tools such as Python and PowerShell. There are two libraries that can be used to simplify API access: kqlmagic msticpy kqlmagic The kqlmagic library provides the easy to implement API wrapper to run KQL queries. msticpy msticpy, also known as the Microsoft Threat Intelligence Python Security Tools, is a set of Python tools intended to be used for security investigations and hunting. Many of the tools originated as code Jupyter notebooks solve a problem as part of security investigation. Some of the tools are only useful in notebooks, but many others can be used from the Python command line or imported into your ...

  Manage Azure Sentinel Threat-Hunting Queries To efficiently find and isolate security threats, and unwanted activities in Contoso's environment, you can use the Azure Sentinel which contains powerful query tools. Hunt by using built-in queries Search and query tools can be used in Azure Sentinel to hunt for security threats and tactics throughout your environment. The Hunting page in Azure Sentinel provides built-in queries that can easily guide your hunting process as well as helps you to pursue the appropriate hunting paths to uncover issues in your environment while also exposing issues with the help of Hunting Queries that aren't significant enough on their own to generate an alert but have happened often enough over time to warrant investigation.  The Hunting page also provides a list of all hunting queries that can be saved by selecting the Favorites star icon for the query in the list.  Tip- When a query is selected as a favorite, it runs automatically each time ...

  CyberSecurity Threat Hunting The term "threat hunting" is defined differently by different people. The most commonly used definition is that it is the idea that you are proactively hunting through your environment for a threat or a set of activities that you have not previously detected.  Other uses of the term hunting includes searching for threats with newly obtained indicators. If a new IP Address considered harmful is provided by a Threat Intelligence Feed, an analyst can then note the IP address to search the log to find if the new indicator was seen in the past. Azure Sentinel already provides hunting queries to facilitate this process.Next, you can hunt for more evidence-based threats from a current Incident or Alert as part of an Incident Analysis Process which is vital to explore the data based on the evidence found in a current incident. Both Azure Sentinel and Microsoft 365 Defender provides this type of hunting capability. Using KQL queries to find threats is th...

  Azure Sentinel Workbooks Several ready for use templates are provided by the Azure Sentinel that can be used to create your own workbook and then modify them as needed for Contoso. Most of the data connectors it uses to ingest data come with their own workbooks, but better insight can be obtained by simply looking into the data that is being ingested by using tables and visualizations, including bar and pie charts. You can also make your own workbook easily by using this data from the beginning instead of using the predefined templates. Workbook Page You can easily access the workbook page from the Azure Sentinel from the navigation pane which consists of the: Workbook header- You can add a new workbook and review the saved workbooks as well as templates that are available on the workbook page. Templates section- You can access existing workbook templates on the Templates tab. You can save some of the workbooks for quick access and they will appear on the My Workbooks tab.  ...

  User & Entity Behavior Analytics (UEBA) To eliminate the drudgery from your analysts' workloads and the uncertainty from their efforts you can simply use the UEBA capability in Azure Sentinel, which delivers high-fidelity and actionable intelligence, so that they can focus on investigation as well as remediation. Azure Sentinel collects logs and alerts from all of its connected data sources to analyze them as well as build baseline behavioral profiles of your organization's entities across time and peer group horizon. By using various techniques and machine learning capabilities, Sentinel can then easily identify anomalous activities as well as help you to determine if an asset has been compromised, while also figuring out the relative sensitivity of particular assets, identify the peer groups of assets, as well as evaluate the potential impact of any given compromised asset. Armed with this information, you can effectively prioritize your investigation and incident handl...

  Incident Management in Azure Sentinel Incident management is a complete process of incident investigation, which starts from creation, while processing in-depth investigation, and finally to resolution providing a complete incident management environment to perform these steps. Azure Sentinel can be used to review the following: detailed incident information,  assign an incident owner,  set and maintain incident severity, and manage incident status.  Explain Evidence & Entities Various sources of security information are extensively used by Azure Sentinel to create incidents and as the lead system engineer at Contoso, there will always be a need to understand these sources to the best utilization of  incident management in Azure Sentinel. Incident Evidence Incident evidence provides security event information and related Azure Sentinel assets that can identify threats in the Azure Sentinel environment. They can display how a threat has been identified in A...

  Azure Sentinel as a SIEM & SOAR solution Azure Sentinel is known for its Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) solution that's especially designed for hybrid environments. To alert you about any potential security threats such as attempts to access Contoso's resources from outside its infrastructure or when data from Contoso appears to be sent to a known malicious IP address, it extensively uses built-in and custom detections while also creating incidents based on these alerts.  Azure Sentinel Playbooks The collections of the procedures based on Azure Logic Apps that runs in response to an alert are called Security Playbooks and can also be run manually in response to your investigation of an incident or an alert can be configured to run a playbook automatically. Its ability to respond to the incidents automatically also allows you to automate some of your security operations and make your Service Orga...