Windows Service Monitoring at Scale using Cloud Native Azure Components
Recently, I was challenged to build a scalable, cloud native solution that should be used for monitoring of critical Windows …
azure
Troubleshooting & Monitoring of Log Ingestion with Data Collection Rules
As I have outlined in the series of blogs, Azure Logging is based on Data Collection Rules (DCRs) and Azure …
Optimize Costs using Auxiliary Logs for Verbose Logging
Today, we use logging for many purposes including security hunting with SIEM (Sentinel), troubleshooting, performance telemetry, compliance reporting – but …
Detect Impact MFA Enforcement
You may have noticed that Microsoft will enforce MFA requirement per October 15, 2024 for Azure/Entra/Intune. If this is new …
Orphaned Azure Security Principals Clean-up & Azure Policy Managed Identity Role Assignment Automation
This blog covers 2 topics : (1) how you can automate clean-up of any orphaned security principal role assignments – …
Automate Reporting of Defender for Cloud recommendations & Role Assignments with 35 different views
Background Recently, I was asked to build a simple reporting-script, which integrates data from Microsoft Defender for Cloud and Azure …
How to save $$$ by storing your Syslog and Defender for Endpoint long-term logs in Azure Data Explorer cluster using Azure Data Factory and Azure Storage Account export – while keeping Kusto query functionalities ?
This blog is about keeping long-term Sentinel logs, giving you insight to the options today – with great opportunities to …
Real example with 43% cost savings on Sentinel log-costs: How to exclude Syslog log-events from banned IPs using AbuseIPDB-service with integration to firewalls
This is a real-life example of how I helped reduce the log-cost by 43% for LogAnalytics & Sentinel combined for …
How to run custom scripts on thousands of servers within a few minutes using Azure Custom Scripts extension and multithreaded jobs – and have them re-run daily?
Have you ever had a need to collect vital configuration status (inventory) from thousands of servers – with a defined …
How to detect File Deletions using Audit-data (SecurityEvent) & Azure LogAnalytics ?
Recently I was asked to provide a solution to detect file deletions on a file server in a sensitive folder …