Defender for Cloud – Part 2: The Asset Inventory

June 22, 2024 | June 23, 2024

Asset Inventory

The asset inventory page shows the security posture of the resources you’ve connected to Defender for Cloud. Defender for Cloud periodically analyzes the security state of resources connected to your subscriptions to identify potential security issues and provides you with active recommendations.

Use this view and its filters to address such questions as:

- Which of my subscriptions with Defender plans enabled have outstanding recommendations?
- Which of my machines with the tag ‘Production’ are missing the Log Analytics agent?
- How many of my machines tagged with a specific tag have outstanding recommendations?
- Which machines in a specific resource group have a known vulnerability (using a CVE number)?

The security recommendations on the asset inventory page are also shown on the Recommendations page, but here they’re shown according to the affected resource. A new feature called Critical Assets is also shown.

Key features

1. Inventory

Inventory shows ALL your Azure resources and your other connected resources, which in my case are resources connected from Amazon Web Services. It shows where they are located and the recommendations for those resources. You can search, for example, for installed applications and the vulnerabilities that affect them. These features were heavily used before the Cloud Security Explorer function.

If you want to drill into a resource, just click it, as in this example of my Ubuntu server.

2. Summaries

- Total resources: The total number of resources connected to Defender for Cloud.
- Unhealthy resources: Resources with active security recommendations that you can implement.
- Unmonitored resources: Resources with agent monitoring issues – they have the Log Analytics agent deployed, but the agent isn’t sending data or has other health issues.
- Unregistered subscriptions: Any subscription in the selected scope that hasn’t yet been connected to Microsoft Defender for Cloud.

3. Filters

Filters give you a quick way to refine the list of resources according to the question you’re trying to answer.

4. Export tools

Inventory includes an option to export the results of your selected filter options to a CSV file. You can also export the query itself to Azure Resource Graph Explorer to further refine, save, or modify the Kusto Query Language (KQL) query.

You can also add non-Azure servers to the inventory, which in practice means installing the Log Analytics agent on a non-Azure machine such as an on-premises Windows or Linux server.

If you press that link, you end up in a view that leads on to the following, provided you follow the instructions:

1. You can see a summary of the connected Windows or Linux servers, and you can add Data Collection Rules to the Azure Monitor agent you are about to install.
2. Here you can get the installers for Windows and Linux machines and the information those installers need:
   - Workspace ID
   - Primary key
   - Secondary key

It’s also possible to download the Log Analytics Gateway to act as a proxy if you have machines without Internet connectivity.

That was kind of all from the Asset inventory. Stay tuned. The next part is coming.
The parts of the MDC blog series

View all the parts of the MDC blog series:

- Part 0: Microsoft Defender for Cloud – The EPIC blog series – introduction
- Part 1: Getting started
- Part 2: The Asset Inventory (this post)
- Part 3: Security posture
- Part 4: Security recommendations
- Part 5: Security alerts
- Part 6: Attack path analysis
- Part 7: Cloud security explorer
- Part 8: Workbooks
- Part 9: Regulatory compliance
- Part 10: Workload protections
- Part 11: Data security
- Part 12: Firewall manager
- Part 13: DevOps security
- Part 14: Environment settings
- Part 14A: Defender Plans
- Part 14B: Security Policies
- Part 14C: Email notifications
- Part 14D: Workflow automation
- Part 14E: Continuous Export
- Part 15: Security solutions
- Part 16: Community

Jussi Metso

Author is a lifelong IT enthusiast and Microsoft Security MVP, interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future.