The Azure Security Center team has published a post that assembles a complete training curriculum on Azure Security Center (ASC; its paid threat-protection tier was rebranded Azure Defender in 2020), taking the reader from the basics up to expert level. It covers in particular:
Module 1 – Introducing Azure Security Center
- What is Azure Security Center
- Securing the hybrid cloud with Azure Security Center
- Hybrid security management across your data center
- Understanding ASC Pricing
- Azure Security Center Data Flow
Module 2 – Planning Azure Security Center
- Supported Platforms
- Features for IaaS workloads
- Features for PaaS workloads
- Built-in RBAC Roles in ASC
- Design Considerations for Log Analytics Workspace
- Azure Security Center Monitoring Agent Deployment Options
- Onboarding on-premises machines using Windows Admin Center
- Understanding Security Policies in ASC
- Built-in Policies in ASC
- Creating Custom Policies
- Configuring Security Center Resource Type Pricing with Azure Policy
- Managing Security Center at scale using ARM templates and Azure Policy
- Centralized Policy Management in Azure Security Center using Management Groups
- Planning Data Collection for IaaS VMs
- Considerations for Multi-Tenant Scenario
- Best Practices for Log Analytics Workspace when using ASC and Azure Sentinel
- How to Effectively Perform an Azure Security Center PoC
Module 3 – Enhance your Cloud Security Posture using Secure Score
- Overview of Secure Score in ASC
- Secure Score Capabilities
- How Secure Score affects your governance
- Enhance your Secure Score in ASC
- Security recommendations
- Survival Guide to Drive your Secure Score Up
- Deliver a Security Score weekly briefing
- Send ASC Recommendations to Azure Resource Stakeholders
- Secure Score Over Time Reports
- Secure Score Reduction Alert
- Automation Artifacts for Secure Score Recommendations
- Remediation Scripts
- Security Controls in Azure Security Center
Module 4 – Cloud Security Posture Management Capabilities in ASC
- Overview of the Asset Inventory feature in ASC
- Managing Asset Inventory in ASC
- Overview of Vulnerability Assessment in ASC
- Vulnerability Assessment Deployment Options
- Vulnerability Assessment Workbook Template
- Vulnerability Assessment for Containers
- Exporting Azure Container Registry Vulnerability Assessment in Azure Security Center
- Implementing Workflow Automation
- Workflow Automation Artifacts
- Creating Custom Dashboard for ASC
- Using Azure Security Center API for Workflow Automation
- Understanding Network Map
- Using Adaptive Network Hardening
- Identify security vulnerabilities in workloads managed by ASC
Module 5 – Regulatory Compliance Capabilities in ASC
- Regulatory compliance dashboard
- Understanding Regulatory Compliance Capabilities in ASC
- Regulatory Compliance dashboard and security benchmark
- Adding new regulatory compliance standards
- Blueprint samples for regulatory compliance standards
Module 6 – Cloud Workload Protection Platform Capabilities in ASC
- Understanding Just-in-Time VM Access
- Reducing the Attack Surface with Just-In-Time VM Access
- Implementing JIT VM Access
- Automate JIT VM Access Deployment with PowerShell
- File Integrity Monitoring in ASC
- Define known-safe applications using Adaptive Application Control
- Understanding Threat Protection in ASC
- Threat Protection Categories
- Threat Protection for AKS
- Understanding Security Incident
- Overview of Security Alerts in ASC
- Alert Reference Guide
- Alert Suppression
- Simulating Alerts in ASC
- Integration with Microsoft Defender ATP
- Resolve security threats with ASC
- Protect your servers and VMs from brute-force and malware attacks with ASC
Module 7 – Streaming Alerts and Recommendations to a SIEM Solution
- Continuous Export capability in ASC
- Deploying Continuous Export using Azure Policy
- How Azure Sentinel and Azure Security Center Work Together
- Connecting Azure Sentinel with ASC
- Closing an Incident in Azure Sentinel and Dismissing an Alert in Azure Security Center
- Accessing Azure Security Center Alerts in Splunk using Graph Security API Integration
Module 8 – Integrations and APIs
- Integration with Tenable
- Integrate security solutions in ASC
- REST APIs for ASC
- Obtaining Secure Score via REST API
- Using Graph Security API to Query Alerts in ASC
Other Resources