Microsoft Sentinel Live Attack Demonstration Home Lab

Description

This is a walkthrough of how I used Microsoft Azure and created a virtual machine in the cloud running Windows 10. I exposed a VM to the internet and used Azure Log Analytics Workspace, Microsoft Defender for Cloud, and Azure Sentinel to collect and aggregate the attack data and display it on a map in Microsoft Sentinel.

This project will display the use of a few different tools and resources. I will be using PowerShell to scan Event Viewer in the exposed VM, specifically EventID 4625, which is failed logon attempts, and send that data to a logfile. The PowerShell script also sends the IP address of any failed logons to IPgeolocation.io via an API, so later that information can be used in Microsoft Sentinel to map where the logon attempts originated from.

This project was done to gain experience with SIEMs, cloud concepts and resources, APIs, and Microsoft Azure. I learned how to provision and configure resources in the cloud, how to read SIEM logs and much more. This was a fun project and I hope anyone reading this appreciates the work that went into this project.

The first thing I am going to do is create a Microsoft Azure account; this will be the cloud environment I'll use to provision my resources. I will take advantage of the $200 credit I'll receive to do this project. The resources I'm using are not very resource heavy, so my credit can be used towards future projects. Also included is the website I will be using for my IP geolocation data.

The next thing I'll do is start the process of creating my virtual machines. At this point in the VM creation process I need to make sure that I create a new Resource Group that all of my future resources will be under. Provisioning a VM can be a lengthy process, so while I move on to the next step, my VM can be provisioned in the background.

A resource group in Azure is a logical grouping of tools, services, configurations and more that exist under one banner so they can be created and deleted at the same time (they share the same lifespan). If I have resources outside of a particular resource group and I delete that resource group, the ones outside of it will still exist. It makes it easier to manage your resources if they're all in the same place.
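An added example, not the author's script, of the PowerShell collection step this walkthrough describes: it reads Event ID 4625 from the Security log, looks up each source IP at ipgeolocation.io, and appends one line per event to a log file. The API key placeholder, the log path and the line layout are assumptions, and it is meant to run elevated on the VM.

```powershell
# Added example. Assumed names: $ApiKey placeholder, $LogFile path, log line layout.
$ApiKey  = '<IPGEOLOCATION_API_KEY>'              # placeholder, supply your own key
$LogFile = 'C:\ProgramData\failed_logons.log'     # hypothetical path
$seen    = [System.Collections.Generic.HashSet[long]]::new()

function Get-FailedLogonFields {
    param([xml]$EventXml)
    # Event 4625 carries its fields as named <Data> elements under <EventData>.
    $data = @{}
    foreach ($d in $EventXml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        RecordId = [long]$EventXml.Event.System.EventRecordID
        Time     = $EventXml.Event.System.TimeCreated.SystemTime
        User     = $data['TargetUserName']
        SourceIp = $data['IpAddress']
    }
}

function Format-LogLine {
    param($Fields, $Geo)
    # TargetUserName is chosen by the remote client: replace the delimiter and
    # control characters so one event cannot forge extra fields or extra lines.
    $user = ($Fields.User -replace '[,\x00-\x1f]', '_')
    'time={0},user={1},ip={2},country={3},latitude={4},longitude={5}' -f `
        $Fields.Time, $user, $Fields.SourceIp, $Geo.country_name, $Geo.latitude, $Geo.longitude
}

while ($true) {
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } `
                  -MaxEvents 200 -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $f = Get-FailedLogonFields ([xml]$e.ToXml())
        if (-not $seen.Add($f.RecordId)) { continue }      # already written
        $ip = $null
        # Local logons record '-' here; only well-formed addresses go to the API.
        if (-not [System.Net.IPAddress]::TryParse($f.SourceIp, [ref]$ip)) { continue }
        $f.SourceIp = $ip.ToString()
        try {
            $geo = Invoke-RestMethod -TimeoutSec 10 -Uri `
                "https://api.ipgeolocation.io/ipgeo?apiKey=$ApiKey&ip=$([uri]::EscapeDataString($f.SourceIp))"
        } catch { $geo = $null }                           # still log, without coordinates
        Add-Content -Path $LogFile -Value (Format-LogLine $f $geo)
        Start-Sleep -Seconds 1                             # pace the API calls
    }
    Start-Sleep -Seconds 30
}
```

The resulting file is what a Log Analytics custom log would ingest, with the latitude and longitude fields feeding the Sentinel map.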