
Compliance Reporting for Azure

By Azure Sentinel News Editor, December 24, 2020, in Security Orchestration & Automated Response

The aim of the workbook is to consolidate many data sources into one report. 

I’ve called the workbook Azure Security Reporting (but you can use whatever name makes sense to you, when you import it). 

There is a lot of great data surfaced by Azure Resource Graph (ARG) and Log Analytics, and I have laid this out across four tabs on the workbook.

This download isn’t from the main Sentinel GitHub for Workbooks, as it covers many technologies. Please download the workbook and read the import instructions (in the readme) on my GitHub.

Data sources: 

  • SecurityAlert – the table in Log Analytics (used by ASC and Azure Sentinel)
  • Securityresources – Azure Resource Graph
  • Advisorresources – Azure Resource Graph

The four tabs explained: Alerts, Compliance, Qualys and Advisor.

Note: ARG returns data from API calls, so there is no time filter; you may therefore see more data in these reports than in the filtered views provided by ASC or Azure Advisor, for example.

Tab1: Alerts and Incidents 

Today this covers the Security Alerts you usually see in ASC and Sentinel (more on Incidents in a follow-up post).     

[Screenshot: Annotation 2020-03-27 163850.jpg]

Please note the [Product selection] filter drop-down (this is useful on this page to filter by the security products you have, and it’s also used again in the “Qualys issues by Hostname” report).

If you are unsure, select ALL.

[Screenshot: Annotation 2020-03-27 164100.jpg]

Tab2: Compliance 

This tab relies on data from the Azure Security Center Standard tier, so you will need ASC Standard for this tab to produce any data.

https://docs.microsoft.com/en-us/azure/security-center/security-center-compliance-dashboard

[Screenshot 1: Annotation 2020-03-27 164414.jpg]
[Screenshot 2: Annotation 2020-03-27 164458.jpg]

The above shows the compliance controls and assessments. You can select a filter for the compliance standard (all the supported or custom ones), e.g. ISO27001, and for the state, e.g. Failed.

This isn’t something you can do in the ASC portal, and I added a free-form search bar so you can use that to find other details.

You can also export this data to Excel (see the arrow in the bottom right corner of image 2). 

I have also re-created the recommendations view you see in ASC (as closely as possible; I have Networking in the list as an addition).

[Screenshot: Annotation 2020-03-27 164742.jpg]

Tab3: Qualys  

This tab relies on data from Azure Security Center from the Standard Tier.

The vulnerability scanner included with Azure Security Center is powered by Qualys. Qualys’s scanner is the leading tool for real-time identification of vulnerabilities in your Azure Virtual Machines. It’s only available to users on the standard pricing tier. You don’t need a Qualys license or even a Qualys account – everything’s handled seamlessly inside Security Center. 

Source: https://docs.microsoft.com/en-us/azure/security-center/built-in-vulnerability-assessment 

This part of the report starts off with a summary by Severity, Description and Category. Again, I have provided a drop-down filter on Severity – would Category be a useful filter as well?

[Screenshot: Annotation 2020-03-27 164935.jpg]

The final two reports check for Qualys recommendations that relate to a host (Computer). I then merge the prior two outputs to show “Computers that have Alert AND a Qualys recommendation”. Thanks for the idea @Ofer!

This correlates a Computer to a Security tool like Azure Security Center or Azure Sentinel (or any you have in your list), where we also have a Qualys recommendation. 
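The merge step described above, reproduced offline in Python as an added illustration (this is not code from the workbook or the original post). The rows are constructed to match the fields the workbook reads from SecurityAlert and from ARG Qualys sub-assessments; host names, resource IDs and the subscription id are placeholders, and the report window is applied to alerts only, because the ARG side has no time filter.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed rows shaped like the SecurityAlert table; CompromisedEntity is the host (FQDN or short).
ALERTS = [
    {"TimeGenerated": "2020-03-27T10:15:00Z", "ProductName": "Azure Security Center",
     "AlertName": "Suspicious process executed", "CompromisedEntity": "web01.contoso.local"},
    {"TimeGenerated": "2020-03-26T08:00:00Z", "ProductName": "Azure Sentinel",
     "AlertName": "Brute force attempt", "CompromisedEntity": "SQL02"},
    {"TimeGenerated": "2020-01-02T08:00:00Z", "ProductName": "Azure Security Center",
     "AlertName": "Alert older than the report window", "CompromisedEntity": "app03"},
]

# Constructed rows with the fields read from ARG Qualys sub-assessments; ARG is a snapshot, so no timestamp.
VM_PREFIX = "/subscriptions/<placeholder-subscription-id>/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/"
QUALYS = [
    {"resourceId": VM_PREFIX + "WEB01", "severity": "High", "category": "OpenSSL",
     "description": "OpenSSL Multiple Vulnerabilities"},
    {"resourceId": VM_PREFIX + "sql02", "severity": "Medium", "category": "Windows",
     "description": "Missing Windows security update"},
    {"resourceId": VM_PREFIX + "db09", "severity": "High", "category": "Windows",
     "description": "SMBv1 enabled"},
]

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3}
REPORT_SINCE = datetime(2020, 3, 20, tzinfo=timezone.utc)  # the workbook's time range, alerts only


def host_key(name):
    """Normalise so 'WEB01', 'web01' and 'web01.contoso.local' merge into one key."""
    return name.strip().lower().split(".")[0]


def correlate(alerts, findings, since):
    """Hosts with at least one alert since `since` AND at least one Qualys finding."""
    hosts = defaultdict(lambda: {"alerts": 0, "products": set(), "findings": []})
    for a in alerts:
        seen = datetime.fromisoformat(a["TimeGenerated"].replace("Z", "+00:00"))
        if seen >= since:  # time filter on the Log Analytics side only
            row = hosts[host_key(a["CompromisedEntity"])]
            row["alerts"] += 1
            row["products"].add(a["ProductName"])
    for f in findings:
        key = host_key(f["resourceId"].rsplit("/", 1)[-1])  # VM name is the last ID segment
        if key in hosts:  # inner merge: keep only hosts that have an alert AND a finding
            hosts[key]["findings"].append(f)
    return {
        host: {"alerts": r["alerts"], "products": sorted(r["products"]),
               "qualys_findings": len(r["findings"]),
               "max_severity": max((f["severity"] for f in r["findings"]), key=SEVERITY_RANK.get)}
        for host, r in sorted(hosts.items()) if r["findings"]
    }
```

With the sample rows, only web01 and sql02 survive the merge: app03 has a Qualys finding but its only alert predates the window, and db09 has a finding but no alert at all.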

[Screenshot: Annotation 2020-03-27 165140.jpg]

Tab4: Advisor  

Azure Advisor is often overlooked data, especially the cost saving recommendations! Azure Advisor now offers (or includes) Security recommendations.
Quickly and easily optimize your Azure deployments. Azure Advisor analyzes your configurations and usage telemetry and offers personalized, actionable recommendations to help you optimize your Azure resources for high availability, security, operational excellence, performance, and cost. 

Source: https://azure.microsoft.com/en-us/services/advisor/ and https://docs.microsoft.com/en-us/azure/advisor/advisor-security-recommendations 

The first set of reports are the ones you see in Azure Advisor, but you can scroll down for the Security recommendations section.

[Screenshot: Annotation 2020-03-27 165426.jpg]

Reference: https://techcommunity.microsoft.com/t5/azure-sentinel/compliance-reporting-for-azure/ba-p/1259574

Tags: Workbooks