Advanced Security automation in Microsoft Azure

Microsoft is releasing many new security features and investing heavily in them, which is a very good sign of a company's commitment.

Among the major security features is Security Center, a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud, whether they are in Azure or not, as well as on-premises.

The latest arrival, Azure Sentinel, now in preview, provides intelligent security analytics for your entire enterprise at cloud scale. It gives you cloud speed and scale to help focus on what really matters: easily collect data from all your cloud or on-premises assets, Office 365, Azure resources, and other clouds; effectively detect threats with built-in machine learning from Microsoft's security analytics experts; and automate threat response using built-in orchestration and automation playbooks.

Behind the scenes, these features are really providing security automation capabilities, with excellent reporting, alerting, runbooks and so on, and we can do a lot more with the support of the open-source world.

Azure provides great automation capabilities through Automation accounts and Blueprints, and another great option is containers.

I think containerization is a very powerful option; in Azure I use Service Fabric and Docker, in different combinations depending on the use case.

One good example is using a great security tool like OWASP ZAP, which provides a very extensive API and official Docker images.

For Docker hosting we have several options, such as a Virtual Machine or Service Fabric, and we can use Azure Container Registry with Azure CI.

In Docker, we can install ZAP by pulling the image with the command below (docker pull takes no -t flag; the registry shown here is the author's own Azure Container Registry, the same image is also published as owasp/zap2docker-stable on Docker Hub).

docker pull sfpsecuritycontainer.azurecr.io/owasp/zap2docker-stable

We can also use the weekly distribution option for continuous updates.

Run ZAP in daemon mode using the command below. Note that api.disablekey=true turns off API-key authentication and the api.addrs.addr settings accept API callers from any address, so keep the published port reachable only from the hosts that drive the scans.

docker run -u zap -p 8080:8080 -i owasp/zap2docker-stable zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true

We can browse the API directly in the browser, try the calls from the UI, and test them before putting them to use.

We can scan targets, produce our logs and push them into the Azure Log Analytics workspace; this is how we integrate our security tools into assets like Security Center and Sentinel.
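One way to do that last step, as an added example that is not code from the original post: read the alerts from the ZAP API started above and push them into a Log Analytics workspace with the HTTP Data Collector API (SharedKey HMAC-SHA256 authorization), where they land in a ZapAlerts_CL table that Security Center and Sentinel can query. The ZAP address, the workspace id and the shared key are placeholders/assumptions, and SAMPLE_ALERTS is a constructed alerts response.

```python
# Added example, not from the original post. Assumes ZAP runs as in the docker
# command above (127.0.0.1:8080, API key disabled); workspace values are placeholders.
import base64, hashlib, hmac, json, urllib.request
from datetime import datetime, timezone

ZAP_API = "http://127.0.0.1:8080"                               # assumption
WORKSPACE_ID = "<workspace-id>"                                 # placeholder
SHARED_KEY = base64.b64encode(b"placeholder-primary-key").decode()  # placeholder
LOG_TYPE = "ZapAlerts"                                          # table: ZapAlerts_CL

# Constructed sample in the shape of ZAP's /JSON/core/view/alerts/ response.
SAMPLE_ALERTS = {"alerts": [{"alert": "X-Frame-Options Header Not Set", "risk": "Medium",
                             "confidence": "Medium", "url": "http://example.test/",
                             "cweid": "16", "pluginId": "10020"}]}

def build_signature(workspace_id, shared_key, rfc1123_date, content_length):
    """SharedKey Authorization header for the Data Collector API (HMAC-SHA256)."""
    string_to_sign = "POST\n%d\napplication/json\nx-ms-date:%s\n/api/logs" % (
        content_length, rfc1123_date)
    key = base64.b64decode(shared_key)
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return "SharedKey %s:%s" % (workspace_id, base64.b64encode(digest).decode())

def zap_alerts_to_records(alerts_view):
    """Flatten the ZAP alerts view into one flat JSON record per alert."""
    return [{"Alert": a.get("alert"), "Risk": a.get("risk"),
             "Confidence": a.get("confidence"), "Url": a.get("url"),
             "Param": a.get("param", ""), "CweId": a.get("cweid", ""),
             "PluginId": a.get("pluginId", "")}
            for a in alerts_view.get("alerts", [])]

def fetch_zap_alerts(base_url):
    # No X-ZAP-API-Key header needed because the daemon runs with api.disablekey=true.
    with urllib.request.urlopen(base_url + "/JSON/core/view/alerts/") as r:
        return json.load(r)

def post_to_workspace(records):
    """POST the records to the workspace; returns the HTTP status (200 = accepted)."""
    body = json.dumps(records).encode("utf-8")
    date = datetime.now(timezone.utc).strftime("%a, %d %b %Y %H:%M:%S GMT")
    req = urllib.request.Request(
        "https://%s.ods.opinsights.azure.com/api/logs?api-version=2016-04-01" % WORKSPACE_ID,
        data=body, method="POST",
        headers={"Content-Type": "application/json", "Log-Type": LOG_TYPE, "x-ms-date": date,
                 "Authorization": build_signature(WORKSPACE_ID, SHARED_KEY, date, len(body))})
    with urllib.request.urlopen(req) as r:
        return r.status

if __name__ == "__main__":
    print(post_to_workspace(zap_alerts_to_records(fetch_zap_alerts(ZAP_API))))
```

Once the records are in, a query such as ZapAlerts_CL | where Risk_s == "High" surfaces the findings next to the rest of the workspace data.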
