Azure-Sentinel/Solutions/AzureSecurityBenchmark
Sentinel a65168c32b Merge branch 'master' into v-sudkharat/Repackaging-AzureSecurityBenchmark 2024-02-16 15:25:20 +05:30
Solution folder contents (repository listing: path, last commit message, commit date)

Analytic Rules         Update AzureSecurityBenchmarkPostureChanged.yaml                            2022-04-18 14:00:27 -04:00
Data                   Repackaging -AzureSecurityBenchmark                                         2024-01-24 15:30:44 +05:30
Package                Repackaging -AzureSecurityBenchmark                                         2024-01-24 15:30:44 +05:30
Playbooks              Updating Azure Sentinel to Microsoft Sentinel                               2023-06-13 19:00:40 +05:30
Workbooks              Update links                                                                2023-12-04 14:50:54 +05:30
ReleaseNotes.md        Merge branch 'master' into v-sudkharat/Repackaging-AzureSecurityBenchmark   2024-02-16 15:25:20 +05:30
SolutionMetadata.json  Updating Domain categories for Solutions                                    2022-12-28 16:39:18 +05:30
readme.md              Update readme.md                                                            2022-06-14 15:25:28 -04:00

Microsoft Sentinel: Azure Security Benchmark Solution

The Azure Security Benchmark v3 Solution is designed to enable Cloud Architects, Security Engineers, and Governance Risk Compliance Professionals to gain situational awareness for cloud security posture and hardening. Benchmark recommendations provide a starting point for selecting specific security configuration settings and facilitate risk reduction. The Azure Security Benchmark includes a collection of high-impact security recommendations for improving posture. This workbook provides visibility and situational awareness for security capabilities delivered with Microsoft technologies in predominantly cloud-based environments. Customer experience will vary by user and some panels may require additional configurations for operation.


Getting Started

This workbook leverages Azure Policy, Azure Resource Graph, and Azure Log Analytics to align directly with the Azure Security Benchmark. Filters for guide, subscription, workspace, time range, and ASB control are available for customized reporting and review. The documentation below provides getting-started recommendations for centralizing Log Analytics data and enabling Microsoft Defender for Cloud continuous export; panels backed by Defender for Cloud data stay empty until continuous export is configured for the selected workspace. Telemetry from 25+ Microsoft security products is included in this offering. Common use cases include conducting ASB assessments with custom reporting, time filtering, subscription filtering, workspace filtering, and guides. The report is exportable for print or PDF with the Print Workbook feature. The workbook is organized by ASB control areas; each area has multiple control cards. Control cards include ASB logging over time, current ASB assessment recommendations, ASB status, documentation guides, recommendations, and links to product pages, documentation, and portals for all referenced products.

Roles and Rights

Security Reader: View Workbooks, Analytics, Hunting, Security Recommendations
Security Contributor: Deploy/Modify Workbooks, Analytics, Hunting Queries, Apply Security Recommendations
Owner: Assign Regulatory Compliance Initiatives

Grant Security Reader to analysts who only need to view the content; reserve Security Contributor and Owner for the people who deploy solution content or assign compliance initiatives.

Prerequisites

This solution is designed to augment staffing through automation, query/alert generation, and visualizations. It leverages Azure Policy, Azure Resource Graph, and Azure Log Analytics to align with Azure Security Benchmark control requirements. A filter set is available for custom reporting by guide, subscription, workspace, time range, control family, and maturity level. The offering includes telemetry from 25+ Microsoft security products; only Microsoft Sentinel and Microsoft Defender for Cloud are required to get started, and each additional product provides further enrichment for aligning with control requirements. Each ASB control includes a Control Card detailing an overview of requirements, primary/secondary controls, deep links to referenced product pages/portals, recommendations, implementation guides, compliance cross-walks, and tooling telemetry for building situational awareness of cloud workloads.
1 Access Microsoft 365 Compliance Manager: Assessments
2 Onboard Microsoft Sentinel
3 Onboard Microsoft Defender for Cloud
4 Add the Microsoft Defender for Cloud: Azure Security Benchmark Assessment to Your Dashboard
5 Continuously Export Security Center Data to Log Analytics Workspace
6 Extend Microsoft Sentinel Across Workspaces and Tenants
7 Review Microsoft Service Trust Portal

Workbook

The Microsoft Sentinel: Azure Security Benchmark v3 Workbook provides a mechanism for viewing log queries, Azure Resource Graph queries, and policies aligned to ASB controls across Microsoft security offerings, Azure, Microsoft 365, third-party, on-premises, and multi-cloud workloads. This workbook enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness of the security posture of cloud workloads. It also includes recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with the respective ASB requirements and practices.

Analytics Rules

The Microsoft Sentinel: Azure Security Benchmark analytics rules leverage Microsoft Defender for Cloud Regulatory Compliance mappings to measure ASB alignment across requirements. By default the scheduled rules run every 7 days, to limit alert volume, and fire when posture compliance is below 70%; both the schedule and the threshold are configurable per organizational requirements.
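As an added illustration (not code from this solution or the Azure-Sentinel repository), the Python below models the check a scheduled rule of this kind performs over the regulatory-compliance records that Defender for Cloud continuous export writes to the workspace: keep the newest state per (control, resource) inside the look-back window, compute the passed percentage per ASB control, and flag controls under the threshold. The column names, the ComplianceStandardId value, the sample rows and the abbreviated resource IDs are assumptions; the 70% threshold and 7-day window are the README defaults.

```python
"""Posture-threshold check modelled on a scheduled ASB compliance rule (added example)."""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed values: the standard identifier written by continuous export, and the
# README defaults (alert below 70%, rule runs every 7 days).
ASB_STANDARD_ID = "Azure-Security-Benchmark"
DEFAULT_THRESHOLD_PCT = 70.0
DEFAULT_LOOKBACK_DAYS = 7

# Fixed "now" so the constructed sample below is deterministic.
SAMPLE_NOW = datetime(2024, 2, 16, tzinfo=timezone.utc)


def row(standard, control, resource, state, days_ago, now=SAMPLE_NOW):
    """One record shaped like an exported compliance row (constructed, assumed columns)."""
    return {
        "TimeGenerated": now - timedelta(days=days_ago),
        "ComplianceStandardId": standard,
        "ComplianceControlId": control,
        "ResourceId": resource,          # abbreviated; real values are full ARM resource IDs
        "State": state,                  # Passed | Failed | Skipped | Unsupported
    }


def sample_rows():
    """Constructed export rows: a regression, a stale failure, a skipped check, another standard."""
    return [
        row(ASB_STANDARD_ID, "NS-1", "vm1", "Passed", 1),
        row(ASB_STANDARD_ID, "NS-1", "vm2", "Passed", 3),
        row(ASB_STANDARD_ID, "NS-1", "vm2", "Failed", 2),   # newer than the Passed row: regression
        row(ASB_STANDARD_ID, "NS-1", "vm3", "Failed", 1),
        row(ASB_STANDARD_ID, "IM-1", "st1", "Passed", 1),
        row(ASB_STANDARD_ID, "IM-1", "st2", "Passed", 2),
        row(ASB_STANDARD_ID, "DP-3", "sql1", "Passed", 1),
        row(ASB_STANDARD_ID, "DP-3", "sql2", "Failed", 10),  # older than the 7-day window
        row(ASB_STANDARD_ID, "LT-4", "vm1", "Skipped", 1),   # not counted in the denominator
        row("PCI-DSS-3.2.1", "NS-1", "vm9", "Failed", 1),    # different standard, ignored
    ]


def latest_state_per_resource(rows, now=SAMPLE_NOW, lookback_days=DEFAULT_LOOKBACK_DAYS,
                              standard=ASB_STANDARD_ID):
    """Filter to the standard and window, then keep the newest row per (control, resource).

    This is the Python equivalent of a KQL `where` followed by
    `summarize arg_max(TimeGenerated, *) by ComplianceControlId, ResourceId`.
    """
    cutoff = now - timedelta(days=lookback_days)
    latest = {}
    for r in rows:
        if r["ComplianceStandardId"].lower() != standard.lower():
            continue
        if r["TimeGenerated"] < cutoff or r["TimeGenerated"] > now:
            continue
        key = (r["ComplianceControlId"], r["ResourceId"])
        if key not in latest or r["TimeGenerated"] > latest[key]["TimeGenerated"]:
            latest[key] = r
    return latest


def posture_by_control(latest):
    """Count Passed/Failed resources per control; Skipped/Unsupported do not dilute the score."""
    counts = defaultdict(lambda: {"Passed": 0, "Failed": 0})
    for (control, _resource), r in latest.items():
        if r["State"] in ("Passed", "Failed"):
            counts[control][r["State"]] += 1
    posture = {}
    for control, c in counts.items():
        total = c["Passed"] + c["Failed"]   # > 0 by construction
        posture[control] = {
            "Passed": c["Passed"],
            "Failed": c["Failed"],
            "PassedPercentage": round(100.0 * c["Passed"] / total, 1),
        }
    return posture


def controls_below_threshold(posture, threshold_pct=DEFAULT_THRESHOLD_PCT):
    """Controls whose passed percentage is strictly below the configured threshold."""
    return sorted(c for c, p in posture.items() if p["PassedPercentage"] < threshold_pct)


def evaluate(rows=None, now=SAMPLE_NOW, lookback_days=DEFAULT_LOOKBACK_DAYS,
             threshold_pct=DEFAULT_THRESHOLD_PCT):
    """Run the full check; returns (posture per control, controls to alert on)."""
    rows = sample_rows() if rows is None else rows
    posture = posture_by_control(latest_state_per_resource(rows, now, lookback_days))
    return posture, controls_below_threshold(posture, threshold_pct)


if __name__ == "__main__":
    posture, flagged = evaluate()
    for control, p in sorted(posture.items()):
        print(f"{control}: {p['Passed']} passed / {p['Failed']} failed -> {p['PassedPercentage']}%")
    print("Below threshold:", flagged)
```

Two design points carry over to the real rule. Taking the newest row per resource before counting is what turns a regression (vm2 above) into a failure instead of a pass, so a rule that counts raw rows over-reports compliance. And the look-back window should match the rule schedule: widening it to 30 days here resurfaces the stale sql2 failure and drops DP-3 to 50%, which is a historical alert rather than current posture.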

Playbooks

1) Notify_GovernanceComplianceTeam

This Security Orchestration, Automation, & Response (SOAR) capability is designed for configuration with the solution's analytics rules. When an analytics rule triggers, this automation notifies the governance compliance team of the respective details via a Teams chat message and an Exchange email. This automation removes the need to manually monitor the workbook or analytics rules while reducing response times.

2) Open_DevOpsTask

This Security Orchestration, Automation, & Response (SOAR) capability is designed to create an Azure DevOps Task when an alert is triggered. This automation enables a consistent response when resources become unhealthy relative to a predefined recommendation, enabling teams to focus on remediation and improving response times.

3) Open-JIRA-Ticket

This Security Orchestration, Automation, & Response (SOAR) capability is designed to open a JIRA issue when a recommendation is unhealthy in Microsoft Defender for Cloud. This automation improves time to response by providing consistent notifications when resources become unhealthy relative to a predefined recommendation.

Print/Export Report

1 Set Background Theme: Settings > Appearance > Theme: Azure > Apply
2 Print/Export Report: More Content Actions (...) > Print Content
3 Settings: Layout (Landscape), Pages (All), Print (One Sided), Scale (60), Pages Per Sheet (1), Quality (1,200 DPI), Margins (None) > Print
4 Executive Summary: Microsoft Defender for Cloud > Regulatory Compliance > Download Report > Report Standard (Azure Security Benchmark), Format (PDF)

Feedback

Please take the time to answer a quick survey.

Disclaimer

The Microsoft Sentinel: Azure Security Benchmark Solution demonstrates best practice guidance, but Microsoft does not guarantee nor imply compliance. This solution provides visibility and situational awareness for control requirements delivered with Microsoft technologies in predominantly cloud-based environments. Customer experience will vary by user and some panels may require additional configurations and query modification for operation. Recommendations should be considered a starting point for planning full or partial coverage of respective control requirements.