Azure – Azure Security Center is now helping you identifying weak network access
You may already know Azure Security Center, your one stop shop for anything security related on Azure, helping you managing and improving your...
1 min read
cubesys : Sep 2, 2020 12:00:00 AM
As you know Azure Security Center is your one stop shop to help you stay on top of your security posture for your resources hosted in Azure.
As there is more and more resources hosted on cloud services, security and protection against attack is more important than ever.
As you know you can protect your virtual machines running on Azure using various options, the easiest and free one is the Network Security Group (NSG).
Managing allowed/denied IP address list on NSG is not easy, especially when you need to act fast when an attack is detected.
Well, good news, the Azure Security Center group has developed an automation helping you block IP addresses at the NSG level when a brute force attack is detected.
To start using it you need:
Well, let’s start deploying the automation by hitting the Deploy to Azure
Then fill up the required filled:
Now you need to grant the BlockBruteForceAttackedIP Logic App either User Access Administrator or Owner for the subscription(s), group management or resource group to scope your usage (scope of your Azure Security Center protection)
Then you need to grant the Office 365 API called office365-BlockBruteForceAttackedIP by accessing the Edit API connection blade by hitting the blue button
If you see the Authorization was successful message you can hit the Save button
Now you can create the automation on your Azure Security Center.
The ASC automation workflow needs to use the following:
You are now ready to get all IP addresses doing a brute force attack being added on the NSG associated with the attacked VM and being blocked.
You may already know Azure Security Center, your one stop shop for anything security related on Azure, helping you managing and improving your...
As you know Azure comes with a lot of security capability which sometimes get missed or misconfigured.
After releasing a Power BI dashboard to follow up on the evolution of your Azure Secure Score (see https://t.co/U1I15FSuBP), you can now get an email...