Catégorie : Microsoft Defender for Cloud

5 janvier 20225 janvier 2022

Microsoft Defender for Containers plan released for general availability (GA)

Hi!

With the release of Microsoft Defender for Containers, Microsoft merged two existing Defender plans:

Defender for Kubernetes

Defender for container registries

The new plan:

Combines the features of the two existing plans – threat detection for Kubernetes clusters and vulnerability assessment for images stored in container registries
Brings new and improved features – including multi-cloud support, host level threat detection with over sixty new Kubernetes-aware analytics, and vulnerability assessment for running images
Introduces Kubernetes-native at-scale onboarding – by default, when you enable the plan all relevant components are configured to be deployed automatically

To enable this new plan, please follow the following steps:

Microsoft Defender for Cloud >
In the “Management” section >
Environment settings >
Select your subscription >
Click on “On” for Containers >
Save

Maxime.

29 décembre 202129 décembre 2021

Microsoft Ignite 2021 – Azure Security Updates

Hi!

Few weeks ago, I had the pleasure to be speaker for the Microsoft Azure Quebec Community. During this presentation, I showed the latest announcements of the Azure Security updates, more specifically on Microsoft Defender.

Slides: https://zigmax.net/wp-content/uploads/2021/12/MS_Ignite_Security_2021.pdf

Video (in French): https://www.youtube.com/watch?v=YSoG9K0r2g4

Thanks,

Maxime.

16 novembre 202115 novembre 2021

New alerts for Microsoft Defender for Kubernetes

Hi!

To expand the threat protections provided by Microsoft Defender for Kubernetes, we’ve added two preview alerts.

Alert (alert type)	Description	MITRE tactic	Severity
Anomalous pod deployment (Preview) (K8S_AnomalousPodDeployment)	Kubernetes audit log analysis detected pod deployment that is anomalous based on previous pod deployment activity. This activity is considered an anomaly when taking into account how the different features seen in the deployment operation are in relations to one another. The features monitored by this analytics include the container image registry used, the account performing the deployment, day of the week, how often does this account performs pod deployments, user agent used in the operation, is this a namespace which is pod deployment occur to often, or other feature. Top contributing reasons for raising this alert as anomalous activity are detailed under the alert extended properties.	Execution	Medium
Excessive role permissions assigned in Kubernetes cluster (Preview) (K8S_ServiceAcountPermissionAnomaly)	Analysis of the Kubernetes audit logs detected an excessive permissions role assignment to your cluster. From examining role assignments, the listed permissions are uncommon to the specific service account. This detection considers previous role assignments to the same service account across clusters monitored by Azure, volume per permission, and the impact of the specific permission. The anomaly detection model used for this alert takes into account how this permission is used across all clusters monitored by Azure Defender.	Privilege Escalation	Low

For a full list of the Kubernetes alerts, see Alerts for Kubernetes clusters.

Maxime.