Hands-On Workshop: Building Better Detections | Azure Edition
This is a 2 hour hands-on workshop.
As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. In this workshop, we will work through the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our Azure environments.
The overall process and takeaways will be:
- Establish proper logging to detect the adversarial activity
- Perform the attack to generate the appropriate artifacts
- Review the log event data
- Create an automated process to quickly discover this activity
- Test that the automated process is working effectively by “re-attacking” the Azure account
Prerequisites: Prepare for this webcast by watching the introductory webcast Building Better Cloud Detections... By Hacking? (Azure Edition)
System Requirements:
- A modern web browser, preferably Chrome
- An Azure account with Global Administrator access
If you need to setup an Azure account, you can create a free trial account with Global Administrator access at https://azure.microsoft.com. The cost will be minimal (pennies) to complete the workshop.
This content supports materials and concepts from SEC541: Cloud Security Attacker Technique, Monitoring, and Threat Detection
Speaker and Presenter Information
Relevant Government Agencies
Other Federal Agencies, Federal Government, State & Local Government
Event Type
Webcast
When
Tue, Feb 6, 2024, 10:00am
ET
Cost
Complimentary: $ 0.00
Website
Click here to visit event website
Organizer
SANS Institute