mahmoudmsft

Architecture Guidance: How to ingest GCP FirewallVPC logs into Microsoft Sentinel

Firstly, I would like to thank Benjamin Kovacevic and Yael Bergman for their help with this article. While the existing Sentinel GCP Pub/Sub Audit Logs connector documented here provides a way to ingest GCP platform audit logs, ingesting GCP Firewall logs or VPC logs remains a needed capability. In this blog post I will show a simple way …

How to deploy Attack Surface Reduction rules to Azure VMs using Azure Guest Configurations

Disclaimer: Under normal circumstances ASR rules should only be deployed using the following methods mentioned in this document: Microsoft Intune, Mobile Device Management (MDM), Microsoft Endpoint Configuration Manager, Group Policy, and PowerShell. In rare cases where VMs are server OSs, non-domain joined, and not managed by SCCM or third-party management solutions, Azure Automation State Configuration or …
