Az Update: Azure Arc enabled SQL, Azure File Sync Private Endpoints, and IoT Digital Twin updates

This article is contributed. See the original author and article here.

With all the changes in Azure it is sometimes hard to keep track, so here is a quick update on a couple of exciting things I learned this week. In this update I want to share news on Azure Arc enabled SQL Server, private endpoints for Azure File Sync, Azure Private Link support for Azure Automation, Azure Digital Twins enhanced features, and much more. Also, tune in for our livestream later today.

Preview of Azure Arc enabled SQL Server is now available

The Azure Data Services team just announced the private preview of Azure Arc enabled SQL Server. The preview includes the following features:

  • Use the Azure Portal to register and track the inventory of your SQL Server instances across on-premises, edge sites, and multi-cloud in a single view.
  • Use Azure Security Center to produce a comprehensive report of vulnerabilities in SQL Servers and get advanced, real-time security alerts for threats to SQL Servers and the OS.
  • Investigate threats in SQL Servers using Azure Sentinel.

Figure: Azure Arc enabled SQL Server is now available

You can register any Windows or Linux based SQL Server to track your inventory. Azure Security Center’s advanced data security works on Windows-based SQL Server version 2012 or higher, running on physical or virtual machines and hosted on any infrastructure outside of Azure.

If you are interested in participating in this preview, check out the full blog post here.


Azure Digital Twins enhanced features are now in preview

Continuing the #JulyOT theme from last week, Microsoft announces the preview release of Azure Digital Twins enhanced features. Create comprehensive digital models of entire environments to help gain insights that can drive better products, optimize operations, reduce costs, and create exceptional customer experiences with Azure Digital Twins Preview.


Private endpoints for Azure File Sync are now generally available

Starting with Azure File Sync agent 10.1, Azure File Sync supports private endpoints in all public and Azure US Government cloud regions where Azure File Sync is available. Private endpoints enable you to assign your Storage Sync Service private IP addresses from within the address space of your virtual network. Private endpoints for Azure File Sync allow you to:

  • Securely connect to your Azure resources from on-premises networks using a VPN or ExpressRoute connection with private-peering.
  • Secure your Azure resources by disabling the public endpoints for Azure Files and File Sync.
  • Increase security for your Azure virtual networks by blocking exfiltration of data from your network boundaries.

You can learn more about configuring Azure File Sync network endpoints.


Azure Private Link support for Azure Automation is now available in preview

Another exciting piece of news is the announcement of the preview of Azure Private Link support for Azure Automation. You can now use Azure Private Link to securely connect virtual networks to Azure Automation using private endpoints (in preview).

Use Private Link to:

  • Establish a private connection to Automation without opening public network access.
  • Ensure your Automation data is only accessed through authorized private networks.
  • Protect against data exfiltration with granular access to specific resources.
  • Protect resources from public network access.

Use endpoints to:

  • Use webhooks to start a runbook.
  • Connect Hybrid Runbook Worker.
  • Connect Azure DSC nodes.

You can learn how to use Private Link to securely connect networks to Automation here.


Fun IoT projects to do at home during #JulyOT

As they find themselves spending more time at home, people are finding creative ways to strike a new work-life balance using the Internet of Things. Here are the stories of three IoT hobbyists and their home projects that will inspire your creativity too. Stories include connecting a Raspberry Pi to a BBQ smoker to help grill a perfect set of ribs and monitoring moisture levels in plants.


MS Learn Module of the Week

Get started with artificial intelligence on Azure

Artificial Intelligence (AI) empowers amazing innovative solutions and experiences, and Microsoft Azure provides easy to use services to help you get started.

Conclusion

I wish you a good weekend, and I hope this short blog post provided you with some news from this week. I know there is much more than just the things I listed here. I recommend that you follow the Azure announcements blog. If you have any questions, feel free to leave a comment.


Also, check out last week’s Az Update here.

Data Latency and data gaps Issue in Azure portal for Log Analytics – 07/09 – Resolved

This article is contributed. See the original author and article here.

Final Update: Thursday, 09 July 2020 20:43 UTC

We’ve confirmed that all systems are back to normal with no customer impact as of 07/09, 19:14 UTC. Our logs show the incident started on 07/09, 17:56 UTC and that during the 1 hour 15 min that it took to resolve the issue, some customers in Australia SouthEast experienced intermittent data latency, data gaps and incorrect alert activation for Heartbeat, Perf, SecurityEvent and CommonSecurityLog data types.

  • Root Cause: The issue was due to an infrastructure failure during deployment.
  • Incident Timeline: 1 Hour & 15 minutes – 07/09, 17:56 UTC through 07/09, 19:14 UTC

We understand that customers rely on Azure Log Analytics as a critical service and apologize for any impact this incident caused.

-Anupama


Why Azure SQL is Best for Developers (Part 2) | Data Exposed

This article is contributed. See the original author and article here.

In the second part of this two-part series, Davide Mauri and Anna Hoffman further discuss why Azure SQL is the best database in the cloud for developers, dive deeper into architectures, and review customer case studies to truly understand how Azure SQL really shines. Click here to watch part one.
Assess your VMware workloads for a move to Azure VMware Solution with Azure Migrate

This article is contributed. See the original author and article here.

Azure Migrate first made its appearance in September 2017. Since becoming generally available in 2018, the team behind it has worked hard adding capabilities to the product that help organisations on their data centre migration journey.


The latest feature that the team has released in preview is the ability to assess your on-prem VMware virtual machines and understand what they would look like if migrated to the Azure VMware Solution (AVS).


The Azure VMware Solution allows your VMware workloads to run natively within Azure. This solution allows you to keep managing your VMs with the familiar VMware tools while taking advantage of Azure scale and functionality.


I’ve used the Azure Migrate: Server Assessment tool with a lot of customers to assess what their current on-prem server estate would look like if migrated to Azure in terms of cost, and to identify any compatibility issues that need to be dealt with before the migration can go ahead. It has been useful and successfully used by many to plan their data centre transformation.


I’m pleased to see we now have the capability within Azure Migrate to help those who are looking to migrate their VMware environments from on prem to the Azure VMware Solution (AVS) understand cost implications and compatibility issues.


Discovery of your servers is still the same. You can either import your server estate information from a CSV file or utilise the Azure Migrate: Server Assessment appliance to discover the data within your VMware estate.


Azure Migrate will then help you create an assessment report specifically with hosting your workloads within Azure VMware Solution (AVS) in mind.

Figure: Azure Migrate Assessment Output

The information back from the Azure Migrate Assessment will give you an indication of cost, how many AVS nodes you’ll need, and how much CPU, memory and storage will be utilised if you moved your workload over to those AVS nodes.

This new feature within Azure Migrate is available in public preview, so it is readily available for all to try today. So, if you currently have a VMware environment hosted on prem and would like to see what it would look like if hosted in AVS, give it a go today!


Azure Sentinel Side-by-Side with QRadar

This article is contributed. See the original author and article here.

Special thanks to Ofer Shezaf, Yaniv Shasha and Bindiya Priyadarshini, who collaborated with me on this blog post.


As highlighted in my last blog post about Azure Sentinel’s Side-by-Side approach with Splunk, there are good reasons for enterprises to use a Side-by-Side architecture to take advantage of Azure Sentinel. Side-by-Side is not only about having both SIEMs operating at the same time; it also provides flexibility for migrating existing SIEM and SOAR use cases to Azure Sentinel.


This blog describes how Azure Sentinel can be used Side-by-Side with QRadar.


The following options are available to ingest Azure Sentinel alerts into QRadar:

This blog post is going to cover the integration with the Microsoft Graph Security API.


QRadar can collect events from data sources by using a plug-in called a Device Support Module (DSM). IBM provides a DSM to collect data from the Microsoft Graph Security API.


Let’s start the configuration!


Preparation & Use

The following tasks describe the necessary preparation and configuration steps.

  • Onboarding Azure Sentinel
  • Registration of an application in Azure AD
  • Preparation steps in QRadar
  • Configuration steps in QRadar
  • Using Azure Sentinel alerts in QRadar


Onboarding Azure Sentinel

Onboarding Azure Sentinel is not part of this blog post; however, the required guidance can be found here.


Registering an Application in Azure AD

The steps required to register an app in Azure AD are described here. The registered app requires the SecurityEvents.Read.All permission on the Microsoft Graph Security API.


For further configuration in QRadar, make a note of the following settings:

  • The Azure AD Application ID
  • The Azure AD Application Secret
  • The Tenant ID

Preparation Steps in QRadar

Using the Microsoft Graph Security API DSM to collect alerts from Azure Sentinel requires the following RPMs to be installed on QRadar:

  • Protocol Common RPM
  • Microsoft Graph Security API Protocol RPM

Download the latest version of the RPMs from http://www.ibm.com/support and run the following commands to install them.

    yum -y install DSM-DSMCommon-7.3-20190708191548.noarch.rpm
    yum -y install PROTOCOL-MicrosoftGraphSecurityAPI-7.3-20200501003005.noarch.rpm


Configuration Steps in QRadar

Now it is time to use the QRadar portal.


Log on to the “QRadar portal” and click on the “Admin” tab.


Open the “QRadar Log Source Management” screen and click on the “+New Log Source” button.


Select “Single Log Source”.


Search for “Universal DSM”, select it and click on “Step 2: Select Protocol Type”.


Search for “Microsoft Graph Security API”, select it and click on “Step 3: Configure Log Source Parameters”.


Type a “Name” and a “Description”, configure the other parameters, and click on “Step 4: Configure Protocol Parameters”.


Add a “Log Source Identifier” and specify the parameters noted above when registering the Azure AD app (Azure AD Client ID, Azure AD Client Secret and Tenant ID).


If you want to filter only Azure Sentinel alerts from the Microsoft Graph Security API, use the following filter in the “Event Filter” parameter.

    provider eq 'Azure Sentinel'


Click on “Step 5: Test Protocol Parameters” to continue with the wizard.


If you want to validate the configuration, click “Start Test”; otherwise finish the configuration by clicking “Skip Test and Finish”.


Once the wizard is closed, the created “Log Source” is shown on the “Log Source Management” screen.


However, the configuration is not finished yet; it must be deployed from the QRadar “Admin” portal. Click on “Deploy Change” to apply the configuration.


Using Azure Sentinel alerts in QRadar

Once the alerts are ingested, you can query Azure Sentinel alerts in QRadar.


A sample raw alert from Azure Sentinel collected from the Microsoft Graph Security API looks as shown below.

    {
      "eventDateTime": "2020-06-08T10:39:58.3572933Z",
      "category": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "azureSubscriptionId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "description": "Identifies when an RDP connection is new or rare related to any logon type by a given account today based on comparison with the previous 14 days.\nRDP connections are indicated by the EventID 4624 with LogonType = 10",
      "status": "newAlert",
      "severity": "medium",
      "title": "Rare RDP Connections",
      "hostStates": [{"netBiosName": "CLIENT", "fqdn": "CLIENT.DOMAIN.LOCAL"}],
      "vendorInformation": {"vendor": "Microsoft", "provider": "Azure Sentinel"},
      "createdDateTime": "2020-06-22T10:45:00.0929766Z",
      "lastModifiedDateTime": "2020-06-22T10:45:00.1940637Z",
      "userStates": [{"userPrincipalName": "user", "emailRole": "unknown", "accountName": "account", "domainName": "domain"}],
      "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "azureTenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    }
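As an added example (not code from this post, from IBM’s DSM, or from Microsoft), the Python script below takes the raw alert above as valid JSON, applies the same provider filter that the “Event Filter” parameter expresses, and flattens the nested alert into the flat fields a SIEM event would carry. The second, non-Sentinel alert in the sample list is constructed purely so the filter has something to exclude, and the build_alerts_url helper is an assumption about how a collector would poll the Graph Security API’s /v1.0/security/alerts endpoint, filtering on vendorInformation/provider, the nested property that holds the provider value in the alert shown above.

```python
import json
import urllib.parse

# Constructed sample input: the raw Azure Sentinel alert from the post, as valid
# JSON, plus a second alert from a made-up provider so the filter has something
# to exclude. The GUIDs are the same placeholders the post uses.
SAMPLE_ALERTS = [
    {
        "eventDateTime": "2020-06-08T10:39:58.3572933Z",
        "category": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "azureSubscriptionId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "description": (
            "Identifies when an RDP connection is new or rare related to any logon "
            "type by a given account today based on comparison with the previous 14 "
            "days.\nRDP connections are indicated by the EventID 4624 with LogonType = 10"
        ),
        "status": "newAlert",
        "severity": "medium",
        "title": "Rare RDP Connections",
        "hostStates": [{"netBiosName": "CLIENT", "fqdn": "CLIENT.DOMAIN.LOCAL"}],
        "vendorInformation": {"vendor": "Microsoft", "provider": "Azure Sentinel"},
        "createdDateTime": "2020-06-22T10:45:00.0929766Z",
        "lastModifiedDateTime": "2020-06-22T10:45:00.1940637Z",
        "userStates": [
            {"userPrincipalName": "user", "emailRole": "unknown",
             "accountName": "account", "domainName": "domain"}
        ],
        "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "azureTenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    },
    {
        # Constructed alert from a hypothetical other provider (not Azure Sentinel).
        "id": "constructed-alert-0002",
        "title": "Constructed non-Sentinel alert",
        "severity": "low",
        "status": "newAlert",
        "hostStates": [],
        "userStates": [],
        "vendorInformation": {"vendor": "Example Vendor", "provider": "Example Provider"},
        "createdDateTime": "2020-06-22T11:00:00Z",
    },
]

GRAPH_ALERTS_URL = "https://graph.microsoft.com/v1.0/security/alerts"


def build_alerts_url(provider="Azure Sentinel", top=50):
    """Return the Graph Security API query a collector would poll (assumed shape).

    The OData filter targets vendorInformation/provider, the nested property
    that carries the provider value in the alert above.
    """
    odata_filter = f"vendorInformation/provider eq '{provider}'"
    query = urllib.parse.urlencode({"$filter": odata_filter, "$top": top})
    return f"{GRAPH_ALERTS_URL}?{query}"


def provider_of(alert):
    """Read the provider from the nested vendorInformation object, if present."""
    return (alert.get("vendorInformation") or {}).get("provider")


def filter_alerts(alerts, provider="Azure Sentinel"):
    """Client-side equivalent of the Event Filter: keep alerts from one provider."""
    return [a for a in alerts if provider_of(a) == provider]


def normalize_alert(alert):
    """Flatten a nested Graph alert into the flat fields a SIEM event carries.

    hostStates and userStates may be empty, so the first entry is read only
    when one exists.
    """
    hosts = alert.get("hostStates") or []
    users = alert.get("userStates") or []
    description = alert.get("description") or ""
    return {
        "id": alert.get("id"),
        "title": alert.get("title"),
        "severity": alert.get("severity"),
        "status": alert.get("status"),
        "provider": provider_of(alert),
        "event_time": alert.get("eventDateTime"),
        "created_time": alert.get("createdDateTime"),
        "hostname": hosts[0].get("fqdn") if hosts else None,
        "user": users[0].get("userPrincipalName") if users else None,
        "tenant_id": alert.get("azureTenantId"),
        # Keep only the first line of the description as a one-line event summary.
        "summary": description.split("\n", 1)[0],
    }


def parse_raw_alert(raw):
    """Parse one raw JSON alert, as collected, and normalise it."""
    return normalize_alert(json.loads(raw))


if __name__ == "__main__":
    print(build_alerts_url())
    for alert in filter_alerts(SAMPLE_ALERTS):
        print(json.dumps(normalize_alert(alert), indent=2))
```

The filter is applied client-side here only to show what the DSM’s Event Filter selects; in QRadar the DSM applies it at collection time. Flattening the alert before indexing is what makes fields such as hostname, user and severity usable in QRadar searches and rules, and the summary field is a reminder that the description can contain embedded newlines that need handling before they reach a single-line event.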

 

Summary

We just walked through the process of standing up Azure Sentinel Side-by-Side with QRadar. Stay tuned for more Side-by-Side scenarios in our blog channel.