msandbu

Citrix (CVAD) vs Azure Virtual Desktop – Part One

A long time ago I wrote a blog post comparing Microsoft RDS and Citrix XenDesktop, looking at overall functionality and end-user experience, which you can read here: https://msandbu.org/so-why-choose-citrix-over-microsoft-rds-2/ (fast forward to 2022 and not much of it is still relevant). A couple of weeks ago I saw …


Streaming of audit logs from Oracle Cloud to Microsoft Sentinel

With the recent announcement of a new partnership between Microsoft and Oracle for Oracle database services, I wanted to look further into setting up log collection from Oracle Cloud to Microsoft Sentinel. When I started digging there wasn't much information available (except some minor blog posts from the Oracle side, but I wanted to use …


Cross Analytics queries with a multitenant Azure Sentinel setup

I was recently in a project where we needed a multi-tenant Microsoft Sentinel environment. We had multiple Sentinel / Log Analytics workspaces that we needed to query across to look at the combined datasets, which is typically the case in MSSP environments. When it comes to using Microsoft Sentinel as a multi-tenant solution such as …
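Cross-workspace querying in KQL is done with the workspace() function, which can be combined with union so one query spans several Log Analytics workspaces. The block below is an added example, not a query from the original post: the workspace names contoso-sentinel-prod and fabrikam-sentinel-prod are placeholders, and it assumes the account running the query has Log Analytics Reader on both workspaces (the analyst's identity needs rights in each tenant, for instance via Azure Lighthouse).

```kql
// Added example (not from the original post): failed logons across two workspaces.
// workspace() accepts a workspace name, a workspace ID (GUID) or a full Azure
// resource ID; the resource-ID form is the unambiguous choice when names collide
// across subscriptions.
union isfuzzy=true
    workspace("contoso-sentinel-prod").SecurityEvent,
    workspace("fabrikam-sentinel-prod").SecurityEvent
| where TimeGenerated > ago(1d)
| where EventID == 4625                      // an account failed to log on
// TenantId is the workspace ID of the row's source workspace, so it tells you
// which customer the hit belongs to in a multi-tenant result set.
| summarize FailedLogons = count(), FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated)
    by Workspace = TenantId, Computer, TargetAccount = Account
| where FailedLogons >= 20
| order by FailedLogons desc
```

isfuzzy=true keeps the query running when one referenced workspace does not (yet) contain the table, which is common when customers have different data connectors enabled. Keep the time filter early: each workspace() reference is a separate scan, and an MSSP query over many tenants gets expensive quickly without it.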


Microsoft Sentinel – Kusto queries for Killnet and geo lookup

Yesterday, many Norwegian websites were targeted in a DDoS attack by an activist group called Killnet, which you can read more about here: Norway hit with cyberattack, temporarily suspending service (yahoo.com). Killnet primarily carries out DDoS attacks, either by flooding with HTTP POST or GET requests on layer 7 or by TCP SYN floods on layer 4. …
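The layer-7 variant (GET/POST floods) shows up in the access logs of whatever sits in front of the web application, so a first hunting query is to count requests per source IP in short time bins and enrich the top talkers with geo data. The block below is an added example written for this summary, not one of the queries from the original post: it assumes Azure Application Gateway diagnostics are sent to the workspace (the AzureDiagnostics table with Category "ApplicationGatewayAccessLog"), and the threshold value is a placeholder to tune against normal traffic.

```kql
// Added example (not from the original post): HTTP flood top talkers with geo lookup.
// Assumes Application Gateway access logs land in AzureDiagnostics.
let lookback = 1h;
let threshold = 1000;   // requests per source IP per 5-minute bin; placeholder, tune it
AzureDiagnostics
| where TimeGenerated > ago(lookback)
| where Category == "ApplicationGatewayAccessLog"
| where httpMethod_s in ("GET", "POST")
| summarize Requests = count(),
            Posts = countif(httpMethod_s == "POST"),
            DistinctUris = dcount(requestUri_s),        // floods usually hammer few paths
            ErrorRate = round(100.0 * countif(httpStatus_d >= 500) / count(), 1)
    by bin(TimeGenerated, 5m), clientIP_s, host_s
| where Requests > threshold
// geo_info_from_ip_address() returns a dynamic object with country, state, city,
// latitude and longitude resolved from a built-in GeoLite2 database.
| extend Geo = geo_info_from_ip_address(clientIP_s)
| extend Country = tostring(Geo.country), City = tostring(Geo.city)
| project TimeGenerated, clientIP_s, host_s, Requests, Posts, DistinctUris, ErrorRate, Country, City
| order by Requests desc
```

Two caveats. First, a layer-4 SYN flood never completes the TCP handshake, so it produces no access-log line at all; for that case look at the Azure DDoS Protection diagnostics (the DDoSProtectionNotifications and DDoSMitigationFlowLogs categories in the same AzureDiagnostics table) or the network-level metrics rather than the application logs. Second, geo lookups identify where the bots are, not who is behind them; a botnet will spread across many countries, so use the country column for triage and blocking decisions, not for attribution.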


Distributed applications monitoring with Serverless360

One of the things I do miss from the old days with System Center Operations Manager was the ability to create distributed applications, which allowed us to drag components together to be monitored as one service. These could be components like hardware, network components, Windows servers, TCP probes or HTTP probes, which were then grouped …


Private Endpoints – SNAT – UDR and Azure Firewall

When using PaaS services in a hub-and-spoke architecture, a best-practice approach is to use Private Endpoints to reach those services. This lets us ensure that the services are reachable only from inside the Azure VNet and not over the public internet (provided the service's own public endpoint is also disabled, since a private endpoint on its own does not turn it off). Take the example below, where we have a private endpoint to a storage …


The curious case of Azure Managed Identity and a compromised virtual machine

Last week I got contacted by a customer who was a bit stressed because someone had tampered with their environment in Azure, and they had no idea who it was or what they had been doing. Before I begin going through the details, it should be noted that in this environment I had little monitoring …
