New Alert in Azure Defender for Azure Storage Account

Hi!

We’d like to inform you that a new alert has been detected in Azure Defender for Azure Storage Account: A malicious blob has been downloaded from a storage account.

Alert (alert type): Malicious blob was downloaded from a storage account (Preview) (Storage.Blob_MalwareDownload)

Description: The alert indicates that a malicious blob was downloaded from a storage account. Potential causes may include malware that was uploaded to the storage account and not removed or quarantined, thereby enabling a threat actor to download it, or an unintentional download of the malware by legitimate users or applications.

Applies to: Azure Blob (Standard general-purpose v2, Azure Data Lake Storage Gen2 or premium block blobs) storage accounts with the new Defender for Storage plan with the Malware Scanning feature enabled.

MITRE tactics: Lateral Movement

Severity: High, if Eicar – low

You can see a list of all of the alerts for Azure Storage Account.

Maxime.

AKS | Karpenter Introduction

Hi!

As businesses continue to embrace Kubernetes for container orchestration, the need for efficient resource utilization and cost optimization becomes paramount. Enter Karpenter, an open-source node provisioning project tailored specifically for Kubernetes environments. In this article, we’ll explore how Karpenter can be a game-changer for Azure Kubernetes Service (AKS) users, helping them unlock the full potential of their clusters while minimizing operational costs.

This is achieved through a set of core functionalities:

  1. Automated Unschedulable Pod Handling: Karpenter actively monitors the Kubernetes scheduler for pods that have been flagged as unschedulable. This ensures that no resources go to waste, and workloads can be efficiently distributed across the cluster.
  2. Dynamic Scheduling Constraints Evaluation: The system meticulously evaluates a range of scheduling constraints specified by the pods. These constraints include resource requests, node selectors, affinities, tolerations, and topology spread constraints. By taking these factors into consideration, Karpenter ensures optimal node selection for each workload.
  3. Precision Node Provisioning: Karpenter excels in the art of resource allocation. It automatically provisions nodes that precisely align with the specific requirements of the pods. This results in a finely tuned infrastructure that maximizes resource utilization.
  4. Automated Node Decommissioning: As workloads evolve, the need for certain nodes may diminish. Karpenter is equipped to intelligently identify when nodes are no longer essential and orchestrates their graceful removal from the cluster. This proactive management ensures that resources are allocated efficiently and are not tied up unnecessarily.
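
The four functions listed above, as a simplified model added here for illustration; it is not Karpenter's code or its actual algorithm, and it is not part of the original post. The catalogue names, sizes and prices are constructed, and only resource requests, node selectors and tolerations are modelled. It also shows that a pod without the matching toleration is never placed on a tainted node type, even when that type is the cheapest.

```python
from dataclasses import dataclass, field
@dataclass
class Pod:
    name: str
    cpu: float                            # requested cores
    mem: float                            # requested GiB
    node_selector: dict = field(default_factory=dict)
    tolerations: frozenset = frozenset()  # taint keys this pod tolerates
@dataclass
class NodeType:                           # constructed catalogue entry, not a real VM size
    name: str
    cpu: float
    mem: float
    price: float                          # constructed hourly cost
    labels: dict = field(default_factory=dict)
    taints: frozenset = frozenset()
@dataclass
class Node:
    type: NodeType
    pods: list = field(default_factory=list)

def allowed(pod, nt):  # selector labels match and every node taint is tolerated
    return (all(nt.labels.get(k) == v for k, v in pod.node_selector.items())
            and nt.taints <= pod.tolerations)

def room(pod, node):  # remaining CPU and memory cover the pod's requests
    return (node.type.cpu - sum(p.cpu for p in node.pods) >= pod.cpu
            and node.type.mem - sum(p.mem for p in node.pods) >= pod.mem)

def provision(pending, catalog):  # largest first: reuse a planned node, else cheapest fit
    nodes, unplaced = [], []
    for pod in sorted(pending, key=lambda p: (p.cpu, p.mem), reverse=True):
        target = next((n for n in nodes if allowed(pod, n.type) and room(pod, n)), None)
        if target is None:
            types = [t for t in catalog if allowed(pod, t) and room(pod, Node(t))]
            if not types:
                unplaced.append(pod)      # no type satisfies the constraints; stays pending
                continue
            target = Node(min(types, key=lambda t: t.price))
            nodes.append(target)
        target.pods.append(pod)
    return nodes, unplaced

def decommission(nodes):  # nodes left without pods are removed
    return [n for n in nodes if n.pods]
# Constructed sample data: names, sizes and prices are made up.
CATALOG = [NodeType("small", 2, 8, 0.10), NodeType("large", 8, 32, 0.40),
           NodeType("gpu", 8, 32, 0.05, {"pool": "gpu"}, frozenset({"dedicated"}))]
PENDING = [Pod("web", 1, 2), Pod("api", 1, 4), Pod("batch", 6, 16), Pod("huge", 64, 256),
           Pod("train", 4, 16, {"pool": "gpu"}, frozenset({"dedicated"}))]
```

Calling `provision(PENDING, CATALOG)` packs `batch`, `api` and `web` onto one `large` node, gives `train` its own tainted `gpu` node, and leaves `huge` pending because no catalogue entry can hold it.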

The API for AKS Karpenter Provider is currently alpha (v1alpha2).

Documentation: https://github.com/Azure/karpenter

Maxime.