This is a simple and very objective cookbook-style document. The goal is to make you implement a security solution using Azure and M365 Defender to avoid some threats against your IT environment. This document will guide you from scratch, and the only prerequisite is a computer with an internet browser connected to the internet. It is not intended to replace any Microsoft official document already published. It is also not an automated solution based on any available script language such as ARM Template or Bicep. This instruction guide will make you understand every step in the security journey by implementing Azure, Microsoft Sentinel, Log Analytics, Microsoft Entra, and Microsoft Defender for Endpoint (EDR). You can test the effectiveness of your security implementation through two different simulated attacks, also explained step by step. We will implement a simple IT environment to be attacked, then implement the security solutions to avoid and mitigate the attacks, and finally run the simulated attacks. All those implementations will require zero cost: we will use trial-based licenses for Azure, Sentinel, and Microsoft Defender for Endpoint, and for the simulated attacks.

The diagram below represents a common IT solution that contains a hybrid environment and some basic components, such as Virtual Machines. It also contains some security solutions provided by Microsoft. We will use part of this environment to explain the attacks we will build in this guide and which Microsoft security solutions we will consider to avoid those attacks and capture them as Incidents. An Azure subscription is where we will run the security services plus two Virtual Machines for our tests. Microsoft Sentinel, the Microsoft SIEM solution, runs in the cloud.
Important links for solutions are used throughout this document.

[Diagram labels: Common customer IT environment (used as a background to be attacked); provisioning Azure Log Analytics workspace; navigating through Microsoft Defender for Cloud; integration between Microsoft Defender for Endpoint and Sentinel; building the Virtual Machines (used during the threat simulation); credential theft attack (through anonymous access).]