On-Demand Webcast with Ultimate Windows Security & Rapid7
With on-prem technology there are many different kinds of log sources, each with its own format, and unfortunately it's the same story in the cloud. In this real training for free event, we will review 8 different real-world security events that could be happening right now against your organization's cloud resources:
- Storage account accessed via stolen key
- Privileged logon to Azure Resource Manager with stolen password
- Windows level intrusion of Virtual Machine
- Azure SQL Database level intrusion
- Backdoor account created in Azure AD
- Traffic restriction loosened on Virtual Network
- Subscription Administrator added
- CEO’s mailbox accessed by another user
For each of these incidents, we will show you where and how the activity gets logged. We selected the incidents not only for their likelihood and impact but also to span the breadth and depth of the Azure/O365 stack: infrastructure, platform, storage, database and application as a service. That is the real world, and it shows how fractured your overall audit trail of activity really is. We'll be looking at logs such as:
- O365 management activity
- Azure Active Directory logs
- Azure Resource Manager activity
- SQL Audit logs
- Storage Account access logs
- Azure AD sign-in logs
- Mailbox audit logs
- Virtual Machine Windows Security Logs
We will show how to confirm that auditing is enabled in each of these areas and the options for collecting each log type, and we'll endeavor to have an actual example of each event so that you can see what the records really look like and what data they provide. This is going to be a down-and-dirty logging deep dive.
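To make the "fractured audit trail" point concrete, here is an added example (written for this page; it is not webcast material and not Rapid7 or Microsoft code) that stitches records from three of the sources listed above into one timeline and flags four of the eight events: a backdoor account granted a privileged Azure AD role, the CEO's mailbox read by another user, an Owner role assignment at subscription scope, and a network security group rule opened to the Internet. Every record is constructed; the field names follow the Office 365 Management Activity common schema (Workload, Operation, UserId, ObjectId), the Exchange mailbox-audit fields (MailboxOwnerUPN, LogonType) and the Azure Activity Log export (operationName, caller, resourceId, properties) as I understand them, so treat the exact shapes as assumptions to check against your own tenant's exports. The Owner role GUID is Azure's fixed built-in value; the tenant, users, subscription ID and IPs are fictitious.

```python
"""Join constructed Azure AD, Exchange and Azure Activity Log records into one
timeline and flag high-risk events. Example code for this page, not captured data."""
from datetime import datetime, timezone

OWNER_ROLE_ID = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"  # built-in Azure RBAC Owner role
PRIVILEGED_AAD_ROLES = {"Global Administrator", "Privileged Role Administrator"}
INTERNET_PREFIXES = {"*", "Internet", "0.0.0.0/0"}
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"  # fictitious subscription

# Constructed sample records; field names are assumptions about each source's schema.
SAMPLE_RECORDS = [
    # Azure AD audit as delivered by the O365 Management Activity API
    {"Workload": "AzureActiveDirectory", "CreationTime": "2020-03-04T09:12:01",
     "Operation": "Add user.", "UserId": "admin@contoso.example",
     "ObjectId": "svc-backup2@contoso.example", "ResultStatus": "Success"},
    {"Workload": "AzureActiveDirectory", "CreationTime": "2020-03-04T09:13:40",
     "Operation": "Add member to role.", "UserId": "admin@contoso.example",
     "ObjectId": "svc-backup2@contoso.example", "ResultStatus": "Success",
     "ModifiedProperties": [{"Name": "Role.DisplayName", "NewValue": "Global Administrator"}]},
    # Exchange mailbox audit: delegate logon (LogonType 2) reads someone else's mailbox
    {"Workload": "Exchange", "CreationTime": "2020-03-04T10:02:17",
     "Operation": "MailItemsAccessed", "UserId": "svc-backup2@contoso.example",
     "MailboxOwnerUPN": "ceo@contoso.example", "LogonType": 2, "ClientIP": "203.0.113.7"},
    # Owner reading their own mailbox: benign, must not be flagged
    {"Workload": "Exchange", "CreationTime": "2020-03-04T10:05:00",
     "Operation": "MailItemsAccessed", "UserId": "ceo@contoso.example",
     "MailboxOwnerUPN": "ceo@contoso.example", "LogonType": 0, "ClientIP": "198.51.100.9"},
    # Azure Activity Log export: Owner assigned at subscription scope
    {"time": "2020-03-04T10:30:45Z", "caller": "svc-backup2@contoso.example",
     "operationName": "Microsoft.Authorization/roleAssignments/write",
     "resourceId": SUB + "/providers/Microsoft.Authorization/roleAssignments/1111",
     "properties": {"roleDefinitionId": SUB + "/providers/Microsoft.Authorization/"
                    "roleDefinitions/" + OWNER_ROLE_ID, "principalId": "2222"}},
    # Azure Activity Log export: NSG rule rewritten to allow RDP from anywhere
    {"time": "2020-03-04T10:41:09Z", "caller": "svc-backup2@contoso.example",
     "operationName": "Microsoft.Network/networkSecurityGroups/securityRules/write",
     "resourceId": SUB + "/resourceGroups/prod/providers/Microsoft.Network/"
                   "networkSecurityGroups/prod-nsg/securityRules/allow-rdp",
     "properties": {"access": "Allow", "direction": "Inbound",
                    "sourceAddressPrefix": "*", "destinationPortRange": "3389"}},
]


def _parse_time(value):
    """O365 CreationTime is UTC with no suffix; the Activity Log appends 'Z'."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def normalize(rec):
    """Map a record from either schema onto one shape: source, time, actor, action, target."""
    if "Workload" in rec:  # O365 Management Activity common schema (Azure AD, Exchange, ...)
        return {"source": rec["Workload"], "time": _parse_time(rec["CreationTime"]),
                "actor": rec["UserId"], "action": rec["Operation"],
                "target": rec.get("MailboxOwnerUPN") or rec.get("ObjectId", ""), "raw": rec}
    return {"source": "AzureActivity", "time": _parse_time(rec["time"]), "actor": rec["caller"],
            "action": rec["operationName"], "target": rec["resourceId"], "raw": rec}


def _privileged_role_granted(ev):
    if ev["source"] != "AzureActiveDirectory" or ev["action"] != "Add member to role.":
        return False
    return any(p.get("Name") == "Role.DisplayName" and p.get("NewValue") in PRIVILEGED_AAD_ROLES
               for p in ev["raw"].get("ModifiedProperties", []))


def _non_owner_mailbox_access(ev):
    return (ev["source"] == "Exchange" and ev["action"] == "MailItemsAccessed"
            and ev["actor"].lower() != ev["target"].lower())


def _subscription_owner_assigned(ev):
    if ev["action"] != "Microsoft.Authorization/roleAssignments/write":
        return False
    role = ev["raw"]["properties"].get("roleDefinitionId", "").lower()
    # Subscription scope: the assignment's resourceId carries no resource-group segment.
    return role.endswith(OWNER_ROLE_ID) and "/resourcegroups/" not in ev["target"].lower()


def _nsg_opened_to_internet(ev):
    if ev["action"] != "Microsoft.Network/networkSecurityGroups/securityRules/write":
        return False
    p = ev["raw"]["properties"]
    return (p.get("access") == "Allow" and p.get("direction") == "Inbound"
            and p.get("sourceAddressPrefix") in INTERNET_PREFIXES)


RULES = [("Privileged Azure AD role granted", _privileged_role_granted),
         ("Non-owner mailbox access", _non_owner_mailbox_access),
         ("Subscription Owner role assigned", _subscription_owner_assigned),
         ("NSG rule opened to the Internet", _nsg_opened_to_internet)]


def detect(records):
    """Normalize every record, evaluate each rule, return the hits in time order."""
    hits = []
    for ev in sorted(map(normalize, records), key=lambda e: e["time"]):
        for name, rule in RULES:
            if rule(ev):
                hits.append({"rule": name, "time": ev["time"].isoformat(), "source": ev["source"],
                             "actor": ev["actor"], "target": ev["target"]})
    return hits


def multi_source_actors(records):
    """Identities active in more than one log source: visible only once the trail is joined."""
    seen = {}
    for ev in map(normalize, records):
        seen.setdefault(ev["actor"], set()).add(ev["source"])
    return {actor for actor, sources in seen.items() if len(sources) > 1}


if __name__ == "__main__":
    for h in detect(SAMPLE_RECORDS):
        print(f'{h["time"]}  {h["source"]:<21} {h["rule"]:<34} {h["actor"]} -> {h["target"]}')
    print("Actors spanning several sources:", sorted(multi_source_actors(SAMPLE_RECORDS)))
```

Each rule on its own is a one-liner any SIEM can express; the value is in the normalize step, which is where the format differences the webcast describes actually bite (one source names the actor UserId, the other caller; one stores the mailbox owner as a peer field, the other the scope in a resource path). The multi_source_actors check is the payoff: the backdoor account never appears as an actor in the Azure AD log at all, so only the joined timeline shows it moving from Exchange into Azure Resource Manager.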
Today's security monitoring, and the technology you depend on like SIEM and log management, needs to bring together on-prem and cloud-based logs so that you can see what's happening at every level and component, regardless of where it's deployed. That's where Rapid7, our sponsor, comes in. Alex Teng and Felipe Legorreta will show you how Rapid7's cloud SIEM, InsightIDR, automatically applies security analytics to data across your modern network: on-premises, remote workers, SaaS and IaaS.