Microsoft Defender for Cloud Wrap - Issue #7
Welcome everyone to issue #7 of our ongoing effort to provide you with the best in created and curated content. Essentially, we do the work of locating both the community-created and the Microsoft-created information to ensure you're always up to date.
Before I leave you with this week's content, I want to highlight a couple of things. First off, in the Things to Have section, we have quite a number of new and updated workbooks for Defender for Cloud. Make sure you review these. There's some really valuable code here that I'm positive you can deploy easily and see immediate benefit from.
Secondly, in this issue we have two opportunities for you to participate to help make Microsoft Defender for Cloud better, both of which are in the form of product team surveys.
The first...
Container Vulnerability Assessment Requirements
In our journey for continuous improvement, the Microsoft Security Center team is looking to learn more about your container vulnerability assessment requirements. Please use this short survey to provide your insight and priorities when it comes to container vulnerability assessment requirements. Your answers can directly impact our product roadmap.
Participate here: https://cda.ms/3dY
...and the second...
Management of Environment Settings
Microsoft Defender for Cloud environment settings in the Azure portal are currently managed at the subscription level. To change your settings (e.g. Microsoft Defender plans, agent auto-provisioning, etc.), you need to select a specific subscription and then edit its settings.
This survey is intended to help us understand how security teams manage their environment settings and what tools they use to do so.
The link to participate in this one: https://cda.ms/3dZ
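Because the portal only lets you edit environment settings one subscription at a time, here is an added example (not code from this issue, the survey, or the Defender for Cloud team) of the kind of script teams use today to check, and optionally enforce, the same Defender plans and agent auto-provisioning across every enabled subscription. The plan names, the Standard target tier and the -ReportOnly switch are this script's own assumptions; it needs the Az.Accounts and Az.Security modules and an identity with Security Admin or Owner on each subscription.

```powershell
# Added example: apply one Defender for Cloud configuration to every subscription the
# signed-in identity can see. Not product code; plan names and the "Standard" target
# tier below are this script's own choices.
param(
    # Defender plans to put on the Standard (paid) tier, named as Get-AzSecurityPricing reports them
    [string[]]$Plans = @('VirtualMachines', 'StorageAccounts', 'KeyVaults'),
    # When set, only report drift and change nothing
    [switch]$ReportOnly
)

Import-Module Az.Accounts, Az.Security -ErrorAction Stop

$report = foreach ($sub in Get-AzSubscription | Where-Object State -eq 'Enabled') {
    $null = Set-AzContext -SubscriptionId $sub.Id

    # Current plan tiers for this subscription, keyed by plan name
    $current = @{}
    Get-AzSecurityPricing | ForEach-Object { $current[$_.Name] = $_.PricingTier }

    foreach ($plan in $Plans) {
        $tier  = $current[$plan]
        $drift = ($tier -ne 'Standard')
        if ($drift -and -not $ReportOnly) {
            $null = Set-AzSecurityPricing -Name $plan -PricingTier 'Standard'
        }
        [pscustomobject]@{ Subscription = $sub.Name; Setting = "Plan:$plan"; Before = $tier; Drift = $drift }
    }

    # Log Analytics agent auto-provisioning is a single 'default' setting per subscription
    $auto  = Get-AzSecurityAutoProvisioningSetting -Name 'default'
    $drift = ($auto.AutoProvision -ne 'On')
    if ($drift -and -not $ReportOnly) {
        $null = Set-AzSecurityAutoProvisioningSetting -Name 'default' -EnableAutoProvision
    }
    [pscustomobject]@{ Subscription = $sub.Name; Setting = 'AutoProvisioning'; Before = $auto.AutoProvision; Drift = $drift }
}

# One row per subscription and setting, with the value found before any change
$report | Format-Table -AutoSize
```

Run it with -ReportOnly first: the Standard tier is billed per resource, and Set-AzSecurityPricing takes effect immediately with no confirmation prompt. The Drift column is the before/after evidence for the survey's question of how teams keep settings consistent across subscriptions.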
...
With the US Thanksgiving holiday upon us, I want to wish everyone a wonderful holiday season. Even if you don't observe Thanksgiving, it's worth taking time just to be thankful for what you have. I think we can all agree that these past couple of years have been trying. But, through all of it, each one of us has something to be thankful for. Don't forget that.
Talk soon.
-Rod
Things to Read
Microsoft Defender for Cloud - Use cases - Microsoft Tech Community — techcommunity.microsoft.com The way we look at threats and the mechanisms we implement to protect, detect, and respond to them has changed drastically. It is no longer a cat and
Microsoft Defender for servers - the benefits and features | Microsoft Docs — docs.microsoft.com What are the benefits of Microsoft Defender for servers? The threat detection and protection capabilities provided with Microsoft Defender for servers include: Integrated license for Microsoft Defender for Endpoint - Microsoft Defender for servers includes Microsoft Defender for Endpoint. Together, they provide comprehensive endpoint detection and response (EDR) capabilities. For more information, see Protect your endpoints. When Defender for Endpoint detects a threat, it triggers an alert. The alert is shown in Defender for Cloud. From Defender for Cloud, you can also pivot to the Defender for Endpoint console, and perform a detailed investigation to uncover the scope of the attack. Learn more about Microsoft Defender for Endpoint.
Cross-tenant management in Microsoft Defender for Cloud | Microsoft Docs — docs.microsoft.com Learn how to set up cross-tenant management to manage the security posture of multiple tenants in Defender for Cloud using Azure Lighthouse.
Workbooks gallery in Microsoft Defender for Cloud | Microsoft Docs — docs.microsoft.com Learn how to create rich, interactive reports of your Microsoft Defender for Cloud data with the integrated Azure Monitor Workbooks gallery
Things to Watch/Listen To
Export and submit logic app as code for deployment — www.youtube.com In this final video of the series you will learn how to export the logic app as code and prep it for deployment for any customer or internal use. We will als...
Azure Security Ignite 2021 Updates — www.youtube.com Tuesday, November 16, 2021, 11:00 AM ET / 8:00 AM PT (webinar recording date) Microsoft Defender for Cloud Webinar | Azure Security Ignite 2021 UpdatesPresen...
For each and Condition checks in Security Automation — www.youtube.com In this video you will learn how to leverage Controls like For each and Condition to run through each audit event and filter out unique email addresses of ca...
Security Community Webinars - Microsoft Tech Community — techcommunity.microsoft.com Microsoft Defender for Cloud (Formerly: Azure Security Center) | Azure Security Ignite 2021 Updates
Defender for Cloud in the Field - Out of Band Edition — www.linkedin.com In this week's episode of #Defender for Cloud in the Field - Out of Band Edition, Safeena Begum is going to talk about a new Alerts Workbook that she created and Fernanda Vela comes back with the Secure Score Tip of the Month, covering the new MITRE ATT&CK Framework integration with recommendations. Check it out!
Security Community Webinars - Microsoft Tech Community — techcommunity.microsoft.com Microsoft Defender for Cloud | NextGen Multi Cloud CSPM in Microsoft Defender for Cloud
Things to Have
ASC Defender for Storage - Price Estimation Dashboard 1.0 — github.com
This workbook considers all storage accounts with and without Azure Defender for Storage enabled across your selected subscription. The results are from within the last 7 days.
Microsoft Defender Active Alerts Workbook — github.com
Security Alerts are the notifications that Security Center generates when it detects threats on your resources. Security Center prioritizes and lists the alerts, along with information needed for you to quickly investigate the problem. Security Center also provides detailed steps to help you remediate attacks. Alerts data is retained for 90 days. Here is the list of resource types that Azure Defender secures. Make sure to visit this article that lists the security alerts you might get from Azure Security Center and any Azure Defender plans you’ve enabled.
Microsoft Defender for Servers monitoring dashboard — github.com
The new Microsoft Defender for Servers monitoring dashboard is a presentation of all machines, Azure VMs and non-Azure machines (connected through Azure Arc), that are covered by Microsoft Defender for Cloud. Besides Defender for Cloud coverage and Log Analytics agent installation status, this custom workbook also considers if a machine is currently reporting (i.e. if it is connected and sending logs to its workspace).
Synack Vulnerabilities workbook — github.com The Synack Vulnerabilities workbook provides an overview of the Synack Vulnerabilities data within the Azure Security Center.
Network Security Dashboard for Security Center — github.com The new network security dashboard for Security Center provides you a unified view and full visibility into your network security and networking resources in Azure. If you have been actively using Security Center and Network Security features in Azure, this workbook is for you!
Azure Security Benchmark Workbook — github.com
This workbook displays the Azure Security Benchmark. The Azure Security Benchmark (ASB) Workbook provides a single pane of glass for gathering and managing data to address ASB control requirements.
Microsoft Defender for Cloud Enterprise Onboarding Guide — github.com This document describes the actions that an organization must take in order to successfully onboard to Microsoft Defender for Cloud (MDC) at scale. Our recommendation is to automate as many of the steps as possible, as this reduces both manual deployment errors and maintenance effort. Before starting, customers should check the Prerequisites section to make sure they can follow all of the steps outlined in the following section. If customers need to report to their management on the progress of the MDC rollout, they can run the Azure Resource Graph queries listed in the Inventory section before and after following the implementation steps.
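The onboarding guide's before/after inventory and the Defender for Servers monitoring dashboard above answer the same three questions: which plans are on, which machines have the agent, and which machines are actually reporting. Here is an added example (not code from the onboarding guide, the workbook, or the Defender for Cloud repository) that answers them from PowerShell, using Azure Resource Graph for the first two and a Log Analytics heartbeat query for the third. The workspace ID, the 24-hour "reporting" window, and the agent extension type names are this script's assumptions; it needs Az.Accounts, Az.ResourceGraph and Az.OperationalInsights.

```powershell
# Added example: an inventory snapshot to run before and after an MDC rollout.
#  1. Resource Graph: Defender plan tier per subscription
#  2. Resource Graph: Azure VMs and Arc machines, with whether the Log Analytics agent
#     extension (MicrosoftMonitoringAgent / OmsAgentForLinux) is installed
#  3. Log Analytics: which of those machines sent a Heartbeat recently, matched on _ResourceId
# Not product code; the workspace, window and extension names are assumptions.
param(
    [Parameter(Mandatory)][string]$WorkspaceId,   # Log Analytics workspace (customer) ID
    [int]$HeartbeatHours = 24                     # "reporting" = heartbeat within this window
)

Import-Module Az.Accounts, Az.ResourceGraph, Az.OperationalInsights -ErrorAction Stop

# Page through Resource Graph results (1000 rows per call); tenant scope covers
# every subscription the signed-in identity can read.
function Invoke-ArgQuery([string]$Query) {
    $params = @{ Query = $Query; First = 1000; UseTenantScope = $true }
    do {
        $page = Search-AzGraph @params
        $page
        $params['SkipToken'] = $page.SkipToken
    } while ($page.SkipToken)
}

$plansQuery = @'
securityresources
| where type == "microsoft.security/pricings"
| project subscriptionId, plan = name, tier = tostring(properties.pricingTier)
'@

# Machines (Azure VMs + Arc servers) left-joined to their Log Analytics agent extension
$machinesQuery = @'
resources
| where type in~ ("microsoft.compute/virtualmachines", "microsoft.hybridcompute/machines")
| project machineId = tolower(id), name, subscriptionId, resourceType = type
| join kind=leftouter (
    resources
    | where type in~ ("microsoft.compute/virtualmachines/extensions",
                      "microsoft.hybridcompute/machines/extensions")
    | where properties.type in~ ("MicrosoftMonitoringAgent", "OmsAgentForLinux")
    | extend machineId = tolower(substring(id, 0, indexof(id, "/extensions/")))
    | project machineId, agentState = tostring(properties.provisioningState)
  ) on machineId
| project machineId, name, subscriptionId, resourceType, agentInstalled = isnotempty(agentState), agentState
'@

# Last heartbeat per machine, keyed by the machine's ARM resource ID
$heartbeatQuery = @"
Heartbeat
| where TimeGenerated > ago(${HeartbeatHours}h)
| summarize LastHeartbeat = max(TimeGenerated) by ResourceId = tolower(_ResourceId)
"@

$lastSeen = @{}
foreach ($row in (Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceId -Query $heartbeatQuery).Results) {
    # Rows without a resource ID (agents not tied to an ARM resource) cannot be matched
    if ($row.ResourceId) { $lastSeen[$row.ResourceId] = $row.LastHeartbeat }
}

$machines = Invoke-ArgQuery $machinesQuery | ForEach-Object {
    [pscustomobject]@{
        Name           = $_.name
        Subscription   = $_.subscriptionId
        Type           = $_.resourceType
        AgentInstalled = [bool]$_.agentInstalled
        Reporting      = $lastSeen.ContainsKey($_.machineId)
        LastHeartbeat  = $lastSeen[$_.machineId]
    }
}

'Defender plans at Standard tier, per subscription:'
Invoke-ArgQuery $plansQuery | Group-Object subscriptionId | ForEach-Object {
    [pscustomobject]@{
        Subscription  = $_.Name
        StandardPlans = (($_.Group | Where-Object tier -eq 'Standard').plan -join ', ')
    }
} | Format-Table -AutoSize

$installed = @($machines | Where-Object AgentInstalled).Count
$reporting = @($machines | Where-Object Reporting).Count
"Machines: $(@($machines).Count) total, $installed with agent, $reporting reporting in the last $HeartbeatHours h"
'Machines with an agent that have not reported (stale, disconnected, or sending to another workspace):'
$machines | Where-Object { $_.AgentInstalled -and -not $_.Reporting } | Format-Table Name, Type, Subscription -AutoSize
```

Save the two runs' output and diff them for the rollout report. The last table is the one worth acting on: an installed agent with no heartbeat is a machine that looks covered in the portal but is not feeding any detections, which is exactly the gap the monitoring dashboard is built to surface.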
Secure Score Over Time Reports — github.com Welcome to the Microsoft Defender for Cloud community repository - Microsoft-Defender-for-Cloud/Secure Score/PowerBI-SecureScoreReport at main · Azure/Microsoft-Defender-for-Cloud
Antivirus Automation for Azure Storage — github.com
Authored by: Aviv Shitrit, Inbal Argov | Updated: May 18th, 2021 Antivirus Automation for Azure Storage is an ARM template that sets resources in your environment in order to protect an Azure blob container from malware by scanning every blob that’s uploaded. The project consists of a function triggered when files are uploaded to or updated in a Blob storage container, and a Windows VM that utilizes Microsoft Defender Antivirus.
Storage anti-malware sample — github.com
This solution detects and removes viruses and malware from a storage account automatically and without delay.
New Things
Important changes coming to Microsoft Defender for Cloud | Microsoft Docs — docs.microsoft.com Container security features to be grouped under Defender for Containers Estimated date for change: December 2021 Microsoft Defender for Cloud's container security features are currently available through two Microsoft Defender plans: Microsoft Defender for Kubernetes Microsoft Defender for container registries
Microsoft-Defender-for-Cloud/Workbooks/Azure Defender for Key Vault Price Estimation at main · Azure/Microsoft-Defender-for-Cloud · GitHub — github.com Welcome to the Microsoft Defender for Cloud community repository - Microsoft-Defender-for-Cloud/Workbooks/Azure Defender for Key Vault Price Estimation at main · Azure/Microsoft-Defender-for-Cloud
Microsoft-Defender-for-Cloud/Workbooks/Azure Defender for Storage Price Estimation at main · Azure/Microsoft-Defender-for-Cloud · GitHub — github.com Welcome to the Microsoft Defender for Cloud community repository - Microsoft-Defender-for-Cloud/Workbooks/Azure Defender for Storage Price Estimation at main · Azure/Microsoft-Defender-for-Cloud
Microsoft-Defender-for-Cloud/Workbooks/Synack Vulnerabilities at main · Azure/Microsoft-Defender-for-Cloud · GitHub — github.com Welcome to the Microsoft Defender for Cloud community repository - Microsoft-Defender-for-Cloud/Workbooks/Synack Vulnerabilities at main · Azure/Microsoft-Defender-for-Cloud
Microsoft-Defender-for-Cloud/Workbooks/Network Security Dashboard at main · Azure/Microsoft-Defender-for-Cloud · GitHub — github.com Welcome to the Microsoft Defender for Cloud community repository - Microsoft-Defender-for-Cloud/Workbooks/Network Security Dashboard at main · Azure/Microsoft-Defender-for-Cloud
Microsoft-Defender-for-Cloud/Workbooks/Defender for Servers Monitoring at main · Azure/Microsoft-Defender-for-Cloud · GitHub — github.com Welcome to the Microsoft Defender for Cloud community repository - Microsoft-Defender-for-Cloud/Workbooks/Defender for Servers Monitoring at main · Azure/Microsoft-Defender-for-Cloud
Microsoft-Defender-for-Cloud/Workbooks/AzureSecurityBenchmark at main · Azure/Microsoft-Defender-for-Cloud · GitHub — github.com Welcome to the Microsoft Defender for Cloud community repository - Microsoft-Defender-for-Cloud/Workbooks/AzureSecurityBenchmark at main · Azure/Microsoft-Defender-for-Cloud
Microsoft-Defender-for-Cloud/Workbooks/Azure Defender Active Alerts at main · Azure/Microsoft-Defender-for-Cloud · GitHub — github.com Welcome to the Microsoft Defender for Cloud community repository - Microsoft-Defender-for-Cloud/Workbooks/Azure Defender Active Alerts at main · Azure/Microsoft-Defender-for-Cloud
A new name for multi-cloud security: Microsoft Defender for Cloud - Microsoft Tech Community — techcommunity.microsoft.com Azure Security Center and Azure Defender are now Microsoft Defender for Cloud. In this post we will give you additional insight into the name change and clarify how it affects your in-product experience.