Questions tagged [azure-defender]

31 questions
3
votes
0 answers

mdatp_audisp_pl is consuming a lot of CPU

Microsoft Defender audit plugin (mdatp_audisp_pl) is consuming excessive CPU resources (up to 40-50%) on a few CentOS VMs on Azure. Is a restart of this audit plugin harmless, and can it help? Do you have any tips or solutions? Thank you in…
3
votes
1 answer

How Can I Tell If Microsoft Defender Has Scanned A Blob (a blob with no virus)

I'm looking into using Microsoft Defender for Cloud to use with Blob Storage. Ideally I'd like to:
1. Upload to Storage
2. Have Defender for Cloud scan for viruses
3. If there's an issue, remove it
4. If there's NOT an issue, process it further.
Step 3 is…
1
vote
1 answer

Azure Sentinel (KQL)

I'm looking for a KQL query to transform data from the query: EmailEvents | where EmailDirection=="Inbound" such that the sample results (below) are transformed into the ideal results (further below) Sample results: TimeGenerated [UTC] - …
1
vote
1 answer

Azure Policy DeployIfNotExists fails to change values

I'm currently creating an Azure Policy that (is supposed to) deploys Microsoft Defender for Servers with Plan P1 if the current plan is different. Many subscriptions that I have currently have Microsoft Defender for Servers enabled, but use plan P2…
1
vote
1 answer

How to enable "Log Analytics agent/Azure Monitor agent" in Microsoft Defender for Cloud using Terraform?

How do I enable "Log Analytics agent/Azure Monitor agent" in Microsoft Defender for Cloud using Terraform? I have the below Terraform code; however, it does not enable this setting. resource "azurerm_security_center_subscription_pricing" "mdc_vm" { …
One Developer
1
vote
0 answers

Azure Defender for Cloud - AWS Connector: Failed to create security connector

We are attempting to set up Azure Defender for Cloud and connect our AWS environment. We have gone through the AWS account setup wizard and successfully applied the Cloud Formation Template provided. We have configured for single account and enabled…
1
vote
1 answer

What happens when we enable defender for key vault?

We expect to enable Azure Defender for Key Vault for approximately 200 Key Vaults. I would like to know: will there be any repercussions if I turn on Defender for Key Vault? Will this stop applications from reaching the vault? Has anyone ever…
1
vote
0 answers

SQL Server 2019: master db -- How to recreate ##MS_SchemaSigningCertificate in 2048 bits. VA1223

The new SQL Vulnerability assessments are flagging our database with "VA1223: Certificate keys should use at least 2048 bits" (FedRAMP…
jpwalters
1
vote
2 answers

Enable Azure Defender for all resource types using Azure Policies

For security reasons I do have to enable Azure Defender in the ASC for all resource types. Since we do have a lot of different subscriptions within Azure and the number is increasing we do have to configure an Azure Policy to enforce that. There…
MOE
0
votes
1 answer

Kusto Query - Get a list of all Security Recommendations grouped by Resource Groups

Kusto Query - Get a list of all Security Recommendations grouped by Resource Groups, via Azure Graph Explorer. Link the types: type == 'microsoft.resources/subscriptions/resourcegroups' and type == 'microsoft.security/assessments' Get a report with:…
0
votes
0 answers

Azure Policy for Azure Key Vault does not seem to work/to be applied

I have applied the built-in Azure Policy "Key Vault keys should have an expiration date", first with a Subscription scope and then with a Resource Group scope. The policy has Audit effect. I have created a new key in Key Vault without an expiration date.…
toto'
0
votes
1 answer

Bicep for configuring vulnerability assessment for sql server

I am trying to implement a remediation for secure score recommendation on sql server. It says it is enabled but my recommendation is not yet updated. Bicep module for the same resource sqlVulnerabilityAssessment…
0
votes
0 answers

Defender for DevOps suppressions

In our yaml pipeline we are using the Microsoft DevOps security extension, which is part of the Defender for cloud suite. The extension flags some json content as exposed credentials, but it's actually not. I would like to add suppressions to ignore…
filip
0
votes
0 answers

Azure ContainerApps Security Updates

When building and deploying Azure Container Apps (ACA), the images specified in the dockerfile (or the base debian OS image that Microsoft uses) seem to carry security issues for periods of time. As an example, given: FROM…
pseabury
0
votes
1 answer

Azure Secure Over Time workbook shows no results after weeks

I am trying to deploy the workbook Secure Score Over Time for my client. This one: Workbook Name. It sets these steps as needed to deploy it: To use this Secure Score Over Time workbook, you'll need to configure continuous export to export data to a…
Sergio D