mikebai.com

M365

Scan your Azure Container Registry container images with Azure Security Center

If, like me, you are using Azure Container Registry (ACR) to store your container images, you may want to scan them for vulnerabilities. Now you can, thanks to the Azure Security Center standard tier. In this blog post, I will show you how to set up Azure Security Center to scan your images. But first, let's have a look at how this all works.

How does it work?

Basically, once you enable this via Azure Security Center and push an image to your registry, a webhook lets Azure Security Center know to kick off a vulnerability scan. The scanning itself is done by Qualys. At the time of writing, only Linux containers are supported; hopefully, Windows containers will come soon. Below is an image from the Microsoft docs site that might help explain it better: https://docs.microsoft.com/en-us/azure/security-center/azure-container-registry-integration

Enough how-to, let's get to it.

As you probably know, Azure Security Center can cost a bit, but luckily you can pick and choose which parts you would like to move to the standard tier. To enable just ACR image scanning, follow the steps below. First, in the Azure portal, go to Security Center. In here click Coverage; it's on the left under Policy & Compliance. Now click Edit Plan next to the subscription that has your ACR. If you have not enabled the Standard plan before, you will need to by clicking the big Standard button. Then disable all of the plans apart from Container Registries. You should have something like…

2021-03-12 · mikebai

Scan Container Images in Azure Container Registry with Azure Security Center

In this article, I will walk you through how to enable and scan your container images in Azure Container Registry (ACR) with Azure Security Center, and then simulate a scan of a vulnerable container image.

Introduction

Azure Security Center gives you complete visibility and control over the security of hybrid cloud workloads, including compute, network, storage, identity, and application workloads. Azure Security Center (ASC) has two main value propositions:

  • Cloud Security Posture Management (CSPM): helps you prevent misconfiguration to strengthen your security posture for all different types of cloud workloads and resources in Azure (IaaS, PaaS, and SaaS).
  • Cloud Workload Protection Platform (CWPP): protects against threats for servers whether they are running in Azure, on-premises or in other clouds such as Amazon AWS or Google GCP, in addition to cloud-native workloads such as Web Apps, Kubernetes, Key Vaults, SQL databases (PaaS/VM) and storage accounts.

Azure Container Registry (ACR) is a managed, private Docker registry service that stores and manages your container images for Azure deployments in a central registry. It's based on the open-source Docker Registry 2.0. To learn more about Azure Container Registry, please check the official documentation here.

Azure Defender is an evolution of the threat-protection technologies in Azure Security Center, protecting Azure and hybrid environments. When you enable Azure Defender from the Pricing and settings area of Azure Security Center, the following Defender plans are all enabled simultaneously and provide comprehensive defenses for the compute, data, and service layers of your environment:

Vulnerability Assessment is one of the advanced protections included in Azure Security Center…

2021-03-11 · mikebai

SIEM

What is the Definition of SIEM?

Security information and event management (SIEM) is a set of tools and services that combine security event management and security information management capabilities to enable analysts to review log and event data, understand and prepare for threats, and retrieve and report on log data.

What is the Purpose of a SIEM?

Today's businesses are composed of many types of applications, databases, devices and users. These complex environments provide many places where advanced or novice adversaries can operate undetected for months or even years. This problem is caused by a lack of visibility into the environment. SIEMs provide visibility into malicious activity by pulling data from every corner of an environment and aggregating it in a single centralized interface, where it can be used to qualify alerts, create reports and support incident response.

Who Needs a SIEM?

Any company that is concerned about data security is a suitable candidate for a SIEM. Organizations subject to regulatory compliance, such as retailers and healthcare providers, particularly benefit from a SIEM because SIEMs ease compliance audits. However, only slightly more than half of organizations that say they need a SIEM actually use one. Despite the fact that cybersecurity budgets continue to increase, filling the positions necessary to make a SIEM worthwhile remains challenging. Forty-four percent of organizations report difficulties in achieving the benefits their SIEMs could provide because of a lack of on-staff expertise. An option for companies like these is to engage a third-party provider, such as a managed security services provider (MSSP) or SIEM-as-a-service, to operate their SIEM on…

2021-03-11 · mikebai

CSPM

Cloud security posture management (CSPM) automates the identification and remediation of risks across cloud infrastructures, including Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS). CSPM is used for risk visualization and assessment, incident response, compliance monitoring, and DevOps integration, and can uniformly apply best practices for cloud security to hybrid, multi-cloud, and container environments.

Why is CSPM So Important?

Over the course of a day, a cloud may connect to and disconnect from hundreds or even thousands of other networks. This dynamic nature makes clouds powerful, but it also makes them hard to secure. And as a cloud-first philosophy becomes the norm, the problem of securing cloud-based systems becomes more acute. Traditional security doesn't work in the cloud because:

  • there is no perimeter to protect
  • manual processes cannot occur with the necessary scale or speed
  • the lack of centralization makes visibility extremely difficult to achieve

While cloud-based computing delivers overall cost benefits, the security piece of that puzzle can eat into the ROI, as there are so many pieces that need to be managed: microservices, containers, Kubernetes, serverless functions, etc. The infamous cybersecurity skills gap is highly relevant here, as

2021-03-11 · mikebai

kubectl Logs note

So, you have a Kubernetes cluster. Let's make sure you know how to see what's going on inside. In this blog post, you'll learn how to review logs from Kubernetes and what you may want to be running in it.

Start by Looking at the System

The first thing you may want to look at is how the Kubernetes master and nodes are behaving. The Kubernetes master controls the entire cluster (what's running where and what needs to be provisioned) in coordination with the worker nodes. There are three log files you can look at on the master node:

  • /var/log/kube-apiserver.log: API Server, responsible for serving the API
  • /var/log/kube-scheduler.log: Scheduler, responsible for making scheduling decisions
  • /var/log/kube-controller-manager.log: Controller that manages replication controllers

These are the two log files you can look at on worker nodes:

  • /var/log/kubelet.log: Kubelet, responsible for running containers on the node
  • /var/log/kube-proxy.log: Kube Proxy, responsible for service load balancing

These logs tell you what's going on and can be helpful in troubleshooting problems with the master node. Sadly, these logs can't be viewed through the kubectl command; they need to be read directly from the machine. Depending on where you're hosting the machine, you may have to SSH into the node directly. You can also use one of the many different logging consoles or aggregation services out there. Since a lot of Kubernetes clusters are now being hosted in your cloud provider of choice, those master logs are a little bit trickier to get to. Most cloud providers will provide the logs through their logging interface. This means you don't need…

2021-02-21 · mikebai

kubectl commands for retrieving various information

Viewing, finding resources
https://kubernetes.io/docs/reference/kubectl/cheatsheet/#viewing-finding-resources

    # Get commands with basic output
    kubectl get services                  # List all services in the namespace
    kubectl get pods --all-namespaces     # List all pods in all namespaces
    kubectl get pods -o wide              # List all pods in the current namespace, with more details
    kubectl get deployment my-dep         # List a particular deployment
    kubectl get pods                      # List all pods in the namespace
    kubectl get pod my-pod -o yaml        # Get a pod's YAML

    # Describe commands with verbose output
    kubectl describe nodes my-node
    kubectl describe pods my-pod

    # List Services Sorted by Name
    kubectl get services --sort-by=.metadata.name

    # List pods Sorted by Restart Count
    kubectl get pods --sort-by='.status.containerStatuses[0].restartCount'

    # List PersistentVolumes sorted by capacity
    kubectl get pv --sort-by=.spec.capacity.storage

    # Get the version label of all pods with label app=cassandra
    kubectl get pods --selector=app=cassandra -o

2021-02-18 · mikebai

Docker ARG, ENV and .env - a Complete Guide

Building Docker images and configuring your dockerized apps doesn't have to be a try-fail-repeat Google extravaganza. This article will help you work with Docker ARG, ENV, env_file and .env files with confidence. The only prerequisite: make sure that you're comfortable with the basics of Docker. Read on and you will understand how to configure your Docker images and dockerized apps with ease, with the power of Docker build-time variables, environment variables and docker-compose templating.

Frequent Misconceptions

This is a long, in-depth read. Let's start with something you can use right now, without having to read the whole thing! Here's a list of

2021-02-17 · mikebai

get thumbprint of a service principal

    $tenantId = "<tenant id>"
    # use the global admin account to log in
    Connect-AzureRmAccount -Tenant $tenantId

    # load the certificate from the PFX file
    $certificateObject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $certificateObject.Import("E:\Cert\examplecert.pfx", "Password0123!", [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
    Write-Host "the thumbprint of cert"
    $certificateObject.Thumbprint

    # $endDate was never defined in the original script; use the certificate's own expiry
    $endDate = $certificateObject.NotAfter

    # register the service principal with the certificate as its credential
    $keyValue = [System.Convert]::ToBase64String($certificateObject.GetRawCertData())
    $sp = New-AzureRmADServicePrincipal -DisplayName "jimtestsample" -CertValue $keyValue -EndDate $endDate

    # reuse the cached Azure AD Graph token from the current context
    $context = Get-AzureRmContext
    $token = $context.TokenCache.ReadItems() | Where-Object { ($_.TenantId -eq $tenantId) -and ($_.Resource -eq "https://graph.windows.net/") }
    $accesstoken = $token.AccessToken

    # read the service principal's key credentials from Azure AD Graph
    $url = "https://graph.windows.net/$tenantId/servicePrincipals/" + $sp.Id + "/keyCredentials?api-version=1.6"
    $keyCreds = Invoke-RestMethod -Uri $url -Method Get -Headers @{ "Authorization" = "Bearer $accesstoken" }
    Write-Host "--------------------------------------------"
    # customKeyIdentifier identifies the uploaded certificate
    $keyCreds.value | Select-Object customKeyIdentifier

2020-12-28 · mikebai

PowerShell: Create a new self-signed certificate

FROM > https://goodbyegangster.hatenablog.com/entry/2019/10/09/231611

It seems that self-signed certificates can now be created with PowerShell, and using that is apparently the common approach these days. This is a memo of how to do it. We create an SSL certificate that can be used on a web server.

PowerShell version

  • Windows 10: included
  • Windows Server 2016: included
  • Windows Server 2019: included

How to run

Start a PowerShell prompt with administrator privileges and run the following commands.

2020-12-28 · mikebai

Access Azure REST API using PowerShell

PowerShell can be used as a REST client to access Azure REST APIs. To access Azure REST methods, you will need access to a subscription with an Azure AD app registration. If you haven't done an Azure AD app registration, you can follow this article here. Make sure you capture the client secret after the app is registered. Once you have the tenant id, client id, client secret, and subscription id, you can proceed with the instructions below. To make life easier, I have checked my PowerShell code in to GitHub. Feel free to download it and modify it to your needs. In this tutorial, I will go over how to get resource groups from the Azure REST API, one of the basic CRUD operations. Create a file called Get-AzureResourceGroup.ps1. Let's create the required variables. Make sure to fill in the required values from your Azure subscription.

Variables

    # Variables
    $TenantId = ""        # Enter Tenant Id.
    $ClientId = ""        # Enter Client Id.
    $ClientSecret = ""    # Enter Client Secret.
    $Resource = "https://management.core.windows.net/"
    $SubscriptionId = ""  # Enter Subscription Id.

Once you have updated the required values above, let's make a first REST call to get an access token. We will use the URL below to make a REST call to get the access token.

    POST https://login.microsoftonline.com/{tenantId}/oauth2/token

Request Access Token

Add the following code to your PowerShell script after the variables.

    # client-credentials grant: exchange the app's client id and secret for a bearer token
    $RequestAccessTokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
    $body = "grant_type=client_credentials&client_id=$ClientId&client_secret=$ClientSecret&resource=$Resource"
    $Token = Invoke-RestMethod -Method Post -Uri $RequestAccessTokenUri -Body $body -ContentType 'application/x-www-form-urlencoded'
    Write-Host "Print Token" -ForegroundColor Green
    # prints the whole token response, including access_token
    Write-Output $Token

After you have retrieved the access token, we will use that to authorize…

2020-12-25 · mikebai
COPYRIGHT © 2025 mikebai.com. ALL RIGHTS RESERVED.