Azure DevOps Shorts: Azure Sentinel and AKS
Having insight into the security threats your applications face is paramount for reliability. Microsoft Azure continues its commitment to protecting your solutions in the cloud with a range of security services. Just a few of the tools you can use to protect your resources on Azure are Security Center, Azure DDoS Protection, and Azure Sentinel.
What is Azure Sentinel?
Prevent threats before they happen using Microsoft Azure Sentinel. Sentinel is a security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution. Sentinel is native to the cloud, and provides you with intelligent analytics about the different threats to your IT solutions.
Make your threat detection and response smarter and faster with artificial intelligence (AI). Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs while reducing IT costs.
Azure Kubernetes Service (AKS) provides users with a unified control plane for working with their Kubernetes clusters. By combining the AKS platform with the security analytics of Azure Sentinel, you can ensure a more secure environment for your applications. In this short from the DevOps Lab, Damian Brady and Sarah Young show how you can scan for vulnerabilities on your Kubernetes clusters using Azure Sentinel.
To onboard Azure Sentinel, you first need to enable Azure Sentinel, and then connect your data sources. Azure Sentinel comes with a number of connectors for Microsoft solutions, available out of the box and providing real-time integration, including Microsoft 365 Defender (formerly Microsoft Threat Protection) solutions, Microsoft 365 sources (including Office 365), Azure AD, Microsoft Defender for Identity (formerly Azure ATP), Microsoft Cloud App Security, Azure Defender alerts from Azure Security Center, and more. In addition, there are built-in connectors to the broader security ecosystem for non-Microsoft solutions. You can also use Common Event Format (CEF), Syslog or a REST API to connect your data sources with Azure Sentinel.
After you connect your data sources, choose from a gallery of expertly created workbooks that surface insights based on your data. These workbooks can be easily customized to your needs.
Once you have connected your data sources to Azure Sentinel, you’ll want to be notified when something suspicious occurs. That’s why Azure Sentinel provides out-of-the-box, built-in templates to help you create threat detection rules. These templates were designed by Microsoft’s team of security experts and analysts based on known threats, common attack vectors, and suspicious activity escalation chains. Rules created from these templates will automatically search across your environment for any activity that looks suspicious. Many of the templates can be customized to search for activities, or filter them out, according to your needs. The alerts generated by these rules will create incidents that you can assign and investigate in your environment.
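As an added example (not from the DevOps Lab episode or Microsoft's rule templates), this is the kind of custom scheduled analytics rule query the onboarding steps above lead to for an AKS cluster. It assumes the cluster's diagnostic settings stream the kube-audit category into the Log Analytics workspace that Sentinel is attached to, so that each Kubernetes audit event arrives in the AzureDiagnostics table with its JSON body in the log_s column; the 5-minute bucket and the system: user filter are tuning choices, not fixed values.

```kql
// Assumed data path: AKS diagnostic setting -> Log Analytics -> AzureDiagnostics,
// Category "kube-audit", raw Kubernetes audit event JSON stored in log_s.
// Goal: surface successful changes to RBAC bindings by non-system identities,
// which is the kind of privilege change an analyst wants turned into an incident.
AzureDiagnostics
| where TimeGenerated > ago(1h)                       // scheduled rule lookback window
| where Category == "kube-audit"
| extend evt = parse_json(log_s)                      // Kubernetes audit event fields
| extend Verb      = tostring(evt.verb),
         Resource  = tostring(evt.objectRef.resource),
         Target    = tostring(evt.objectRef.name),
         Namespace = tostring(evt.objectRef.namespace),
         User      = tostring(evt.user.username),
         SourceIP  = tostring(evt.sourceIPs[0]),
         Status    = tolong(evt.responseStatus.code)
| where Verb in ("create", "update", "patch")         // writes only, reads are noise here
| where Resource in ("clusterrolebindings", "rolebindings")
| where Status between (200 .. 299)                   // API server accepted the change
| where User !startswith "system:"                    // drop the control plane's own accounts (tune per cluster)
| summarize Changes = count(),
            Verbs   = make_set(Verb),
            Targets = make_set(Target)
            by User, Namespace, SourceIP, bin(TimeGenerated, 5m)
| project TimeGenerated, User, Namespace, SourceIP, Changes, Verbs, Targets
```

Saved as a scheduled rule, each row this query returns becomes an alert (and, with incident creation enabled, an incident) that can be assigned and investigated like the template-based ones described above.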