Tips and Tricks of Setting up Azure Security Center

Since Ignite 2017, the Security & Compliance offering is now part of the Azure Security Center service. Because of that, some of the controls of that offering have moved to ASC, but the integration is still not complete, at least to me. In this blog post I will focus on two of the ASC settings that you should set up when you start with ASC: changing to another Log Analytics workspace and the Security Events level (filtering).


Mitigate speculative execution side-channel vulnerabilities

It seems the new year brings us some bad surprises in terms of security. There have been some rumors, and it has now turned out to be true, that certain processors are vulnerable to certain attacks. Yes, processors. That means it affects a wide variety of operating systems. As Microsoft puts it:

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors.

Source: ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities


Get-SCOMManagementPacks 4.4

I’ve just released the latest version of this script, which you can find on GitHub. There is just a small fix provided by Lynne Taggart in this release. Basically, Microsoft changed the layout of their download page once again, so we needed slightly different logic to pull the MP version and publish date information.

Find if You Are Using Only TLS 1.2 Protocol with Log Analytics

I’ve stumbled on a great article by Brandon Wilson named Demystifying Schannel, in which he explains how we can enable verbose logging for Schannel to find out what protocols our machines are using. As I live and breathe Log Analytics and love to crunch data, I thought it would be a cool example if we could ingest that data into it and show you some cool examples of transforming data with the new query language.


Storage Spaces Direct (S2D) Management Solution for OMS V2

As you may have heard, Log Analytics has a new query language. When you upgrade, solutions are automatically converted to this new query language, but I wanted to provide a better experience, so I’ve updated the Storage Spaces Direct (S2D) solution.

OMS Analytics Portal Can Now Display Results In Your Local Time Zone

As you may know, OMS currently has two search portals: the legacy one located in the OMS classic Portal and the Analytics one. The Analytics Portal is slowly getting some of the cool features from the legacy Search Portal. One feature that was very handy in it was that TimeGenerated was displayed in the time zone from which you are accessing it. This is very handy when you have to investigate, as it helps you track the events, logs and metrics in your local time. This was missing in the Analytics Portal, but now it is there and even enhanced.


ARM Templates for Service Map Dependency Agent Deployment

Yesterday Dave announced that there is a new Azure VM extension that deploys the Service Map Dependency Agent. The example provided was only for PowerShell, so it was natural that we need an ARM template as well.