Orphaned Azure Security Principals Clean-up & Azure Policy Managed Identity Role Assignment Automation
This blog covers 2 topics : (1) how you can automate clean-up of any orphaned security principal role assignments – …
Azure
Automate Reporting of Defender for Cloud recommendations & Role Assignments with 35 different views
Background Recently, I was asked to build a simple reporting-script, which integrates data from Microsoft Defender for Cloud and Azure …
Sentinel Alert Rules Management with Add / Update / Remove & Alert Rule Action automation
Do you want to automate alert rules including creating new alert rules and update existing – with checks every x …
Real example with 43% cost savings on Sentinel log-costs: How to exclude Syslog log-events from banned IPs using AbuseIPDB-service with integration to firewalls
This is a real-life example of how I helped reduce the log-cost by 43% for LogAnalytics & Sentinel combined for …
How to run custom scripts on thousands of servers within a few minutes using Azure Custom Scripts extension and multithreaded jobs – and have them re-run daily?
Have you ever had a need to collect vital configuration status (inventory) from thousands of servers – with a defined …
How to migrate from Qualys and enable Microsoft Defender Vulnerability Management (MdeTvm) in Microsoft Defender for Cloud?
Microsoft’s Defender Vulnerability Management is a built-in module in Microsoft Defender for Endpoint that can: If you’ve enabled the integration with Microsoft …
How to detect File Deletions using Audit-data (SecurityEvent) & Azure LogAnalytics ?
Recently I was asked to provide a solution to detect file deletions on a file server in a sensitive folder …
How to do data transformation with Azure LogAnalytics – to enrich information, optimize cost, remove sensitive data?
One of the cool features in Azure LogAnalytics is the capability to do data-transformation before the data enters your LogAnalytics …