This blog post curates many Azure Security Center (ASC) resources, organized in a format that can help you go from absolutely no knowledge of ASC to designing and implementing different scenarios. You can use this blog post as a training roadmap to learn more about Azure Security Center.
Modules
To become an ASC Ninja, you will need to complete each module. The content of each module will vary; refer to the legend to understand the type of content before clicking the topic’s hyperlink. The table below summarizes the content of each module:
| Module | Description |
| --- | --- |
| 1 – Introducing Azure Security Center | In this module you will familiarize yourself with ASC and understand the use case scenarios. You will also learn about ASC pricing and overall architecture data flow. |
| 2 – Planning Azure Security Center | In this module you will learn the main considerations to correctly plan an Azure Security Center deployment, from supported platforms to best practices implementation. |
| 3 – Enhance your Cloud Security Posture using Secure Score | In this module you will learn how to leverage Secure Score to continuously improve your cloud security posture. This module includes automation samples that can be used to facilitate secure score adoption and operations. |
| 4 – Cloud Security Posture Management Capabilities in ASC | In this module you will learn how to use the cloud security posture management capabilities available in ASC, which include vulnerability assessment, inventory, workflow automation and custom dashboards with workbooks. |
| 5 – Regulatory Compliance Capabilities in ASC | In this module you will learn about the regulatory compliance dashboard in ASC and gain insights on how to include additional standards. You will also familiarize yourself with Azure Blueprints for regulatory standards. |
| 6 – Cloud Workload Protection Platform Capabilities in ASC | In this module you will learn how the advanced cloud capabilities in ASC work, which include JIT, File Integrity Monitoring and Adaptive Application Control. This module also covers how threat protection works in ASC, the different categories of detections, and how to simulate alerts. |
| 7 – Streaming Alerts and Recommendations to a SIEM Solution | In this module you will learn how to use native ASC capabilities to stream recommendations and alerts to different platforms. You will also learn more about Azure Sentinel native connectivity with ASC. Lastly, you will learn how to leverage Graph Security API to stream alerts from ASC to Splunk. |
| 8 – Integrations and APIs | In this module you will learn about the different integration capabilities in ASC, how to connect Tenable to ASC, and how other supported solutions can be integrated with ASC. |
Legend
- Product videos
- Webcast recordings
- Tech Community
- Docs on Microsoft
- Blogs on Microsoft
- GitHub
- External
- Interactive guides
Module 1 – Introducing Azure Security Center
- What is Azure Security Center
- Securing the hybrid cloud with Azure Security Center
- Hybrid security management across your data center
- Understanding ASC Pricing
- Azure Security Center Data Flow
Module 2 – Planning Azure Security Center
- Supported Platforms
- Features for IaaS workloads
- Features for PaaS workloads
- Built-in RBAC Roles in ASC
- Design Considerations for Log Analytics Workspace
- Azure Security Center Monitoring Agent Deployment Options
- Onboarding on-premises machines using Windows Admin Center
- Understanding Security Policies in ASC
- Built-in Policies in ASC
- Creating Custom Policies
- Configuring Security Center Resource Type Pricing with Azure Policy
- Managing Security Center at scale using ARM templates and Azure Policy
- Centralized Policy Management in Azure Security Center using Management Groups
- Planning Data Collection for IaaS VMs
- Considerations for Multi-Tenant Scenario
- Best Practices for Log Analytics Workspace when using ASC and Azure Sentinel
- How to Effectively Perform an Azure Security Center PoC
Module 3 – Enhance your Cloud Security Posture using Secure Score
- Overview of Secure Score in ASC
- Secure Score Capabilities
- How Secure Score affects your governance
- Enhance your Secure Score in ASC
- Security recommendations
- Survival Guide to Drive your Secure Score Up
- Deliver a Security Score weekly briefing
- Send ASC Recommendations to Azure Resource Stakeholders
- Secure Score Over Time Reports
- Secure Score Reduction Alert
- Automation Artifacts for Secure Score Recommendations
- Remediation Scripts
- Security Controls in Azure Security Center
Module 4 – Cloud Security Posture Management Capabilities in ASC
- Overview of the Asset Inventory feature in ASC
- Managing Asset Inventory in ASC
- Overview of Vulnerability Assessment in ASC
- Vulnerability Assessment Deployment Options
- Vulnerability Assessment Workbook Template
- Vulnerability Assessment for Containers
- Exporting Azure Container Registry Vulnerability Assessment in Azure Security Center
- Implementing Workflow Automation
- Workflow Automation Artifacts
- Creating Custom Dashboard for ASC
- Using Azure Security Center API for Workflow Automation
- Understanding Network Map
- Using Adaptive Network Hardening
- Identify security vulnerabilities workloads managed by ASC
Module 5 – Regulatory Compliance Capabilities in ASC
- Understanding Regulatory Compliance Capabilities in ASC
- Regulatory Compliance dashboard and security benchmark
- Adding new regulatory compliance standards
- Blueprint samples for regulatory compliance standards
Module 6 – Cloud Workload Protection Platform Capabilities in ASC
- Understanding Just-in-Time VM Access
- Reducing the Attack Surface with Just-In-Time VM Access
- Implementing JIT VM Access
- Automate JIT VM Access Deployment with PowerShell
- File Integrity Monitoring in ASC
- Define known-safe applications using Adaptive Application Control
- Understanding Threat Protection in ASC
- Threat Protection Categories
- Threat Protection for AKS
- Understanding Security Incident
- Overview of Security Alerts in ASC
- Alert Reference Guide
- Alert Suppression
- Simulating Alerts in ASC
- Integration with Microsoft Defender ATP
- Resolve security threats with ASC
- Protect your servers and VMs from brute-force and malware attacks with ASC
Module 7 – Streaming Alerts and Recommendations to a SIEM Solution
- Continuous Export capability in ASC
- Deploying Continuous Export using Azure Policy
- How Azure Sentinel and Azure Security Center Work Together
- Connecting Azure Sentinel with ASC
- Closing an Incident in Azure Sentinel and Dismissing an Alert in Azure Security Center
- Accessing Azure Security Center Alerts in Splunk using Graph Security API Integration
Module 8 – Integrations and APIs
- Integration with Tenable
- Integrate security solutions in ASC
- REST APIs for ASC
- Obtaining Secure Score via REST API
- Using Graph Security API to Query Alerts in ASC
Have a great time ramping up in Azure Security Center and becoming an ASC Ninja!!