Azure Sentinel News

New Azure Kubernetes Service (AKS) Security Workbook

by Azure Sentinel News Editor
November 12, 2020

Visibility into the activity in your Kubernetes clusters is a crucial part of keeping the clusters secure. With Azure Defender for AKS, you can monitor your AKS clusters and be alerted when suspicious or malicious activity occurs in them.

Now you can get even more insight into the security of your AKS clusters with the new workbook for Azure Kubernetes Service (AKS) security in Sentinel. The workbook gives you better visibility into your cluster from a security perspective. It uses Diagnostic Logs and Azure Defender security alerts to surface operations in the cluster that have a security impact. This includes visibility into:

  • Creation of privileged containers.
  • Operations on secrets in the cluster.
  • Cluster-admin bindings.
  • Images with multiple security alerts.
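
As an added illustration (not code from the workbook or from Microsoft), this Python example shows how the first three items above can be recognized in kube-audit records. It assumes the standard Kubernetes audit event fields (`verb`, `objectRef`, `requestObject`) and that request bodies are recorded; the sample events, user names and function names are constructed.

```python
import json

# Constructed kube-audit records, one JSON event per line (not real cluster data).
SAMPLE_LOG = """\
{"verb":"create","user":{"username":"dev@example.com"},"objectRef":{"resource":"pods","namespace":"default","name":"debug"},"requestObject":{"spec":{"containers":[{"name":"sh","image":"busybox","securityContext":{"privileged":true}}]}}}
{"verb":"create","user":{"username":"dev@example.com"},"objectRef":{"resource":"pods","namespace":"default","name":"web"},"requestObject":{"spec":{"containers":[{"name":"web","image":"nginx"}]}}}
{"verb":"get","user":{"username":"system:serviceaccount:default:app"},"objectRef":{"resource":"secrets","namespace":"default","name":"db-password"}}
{"verb":"create","user":{"username":"ops@example.com"},"objectRef":{"resource":"clusterrolebindings","name":"ops-admin"},"requestObject":{"roleRef":{"kind":"ClusterRole","name":"cluster-admin"}}}
{"verb":"create","user":{"username":"ops@example.com"},"objectRef":{"resource":"clusterrolebindings","name":"ops-view"},"requestObject":{"roleRef":{"kind":"ClusterRole","name":"view"}}}
{"verb":"create","objectRef":
"""

def classify(event):
    """Return a category for one audit event, or None if it is not of interest."""
    ref = event.get("objectRef") or {}
    resource, verb = ref.get("resource"), event.get("verb")
    body = event.get("requestObject") or {}  # absent at Metadata audit level
    if resource == "pods" and verb == "create" and not ref.get("subresource"):
        spec = body.get("spec") or {}
        containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
        if any((c.get("securityContext") or {}).get("privileged") is True for c in containers):
            return "privileged-container"
    if resource == "secrets":
        return "secret-operation"
    if resource == "clusterrolebindings" and verb == "create":
        if (body.get("roleRef") or {}).get("name") == "cluster-admin":
            return "cluster-admin-binding"
    return None

def scan(log_text):
    """Return (category, verb, user, namespace, name) for each matching event."""
    findings = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON records
        if not isinstance(event, dict):
            continue
        category = classify(event)
        if category:
            ref = event["objectRef"]
            user = (event.get("user") or {}).get("username")
            findings.append((category, event.get("verb"), user,
                             ref.get("namespace", ""), ref.get("name", "")))
    return findings
```
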

To get the full benefit of the new workbook, enable kube-audit in the diagnostic settings of your AKS clusters, and make sure that Azure Defender for Kubernetes is enabled and that its alerts are ingested into Azure Sentinel.

To enable Azure Defender for Kubernetes, go to Azure Security Center -> Pricing & Settings, select the relevant subscription, and make sure that the Kubernetes plan is enabled.

To ingest the security alerts into Sentinel, go to Sentinel -> Data connectors -> Azure Security Center.

To enable Diagnostic logs for AKS, go to your AKS cluster -> Diagnostic settings -> Add diagnostic setting, then select the kube-audit logs and “Send to Log Analytics”.

The workbook was developed with the assistance of:

Hesham Saad – Senior Global Cybersecurity Technical Specialist, Global Black Belt
Yaniv Shasha – Senior Program Manager, C+AI Security
Hosam Kamel – Senior Azure Specialist

Reference: https://techcommunity.microsoft.com/t5/azure-sentinel/new-azure-kubernetes-service-aks-security-workbook/ba-p/1867134

Copyright © 2020 - Azure Sentinel News
