Azure - Querying Azure Firewall with KQL
When working with Azure Firewalls, the easiest way to query traffic is to enable the diagnostic settings on the Firewall and send the data to a Log Analytics Workspace, where Kusto Query Language (KQL) can be used to analyse the traffic and rulesets.
Azure - Using Sentinel to find out who deleted an Active Directory user
Azure Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyse large volumes of data across your enterprise. It makes it easy to collect security data across your entire hybrid organization from devices, users, apps or servers within the cloud or on-premise.
When linked into all of your domain controllers' security logs, it offers simple and powerful queries using the Kusto Query Language to quickly find out events such as who deleted or disabled an Active Directory user account.
Read more: Azure - Using Sentinel to find out who deleted an Active Directory user
Windows Server - Convert UEFI to BIOS without data loss (For free)
There are certain situations where you need to use Legacy BIOS rather than modern UEFI, one example being certain disaster recovery scenarios in public cloud.
This of course causes huge pain for existing production workloads. This guide uses a combination of Linux and Windows to convert the GPT disk to MBR and UEFI to BIOS WITHOUT any data loss within VMware.
Read more: Windows Server - Convert UEFI to BIOS without data loss (For free)
Azure - Clearing the lock on a file within an Azure File Share
When trying to delete a file from within an Azure File Share that may have been mapped and locked open, you may get the following error:
"Failed to delete file 'path/name'. Error: The specified resource may be in use by an SMB client"
You will see this type of error on Storage v1 and v2 account types, possibly in an FSLogix situation with the mapping of VHD and VHDX files. This article shows you how to utilise PowerShell to clear the lock.
Read more: Azure - Clearing the lock on a file within an Azure File Share
Azure - Setup Sentinel Alerts into a Teams Channel
When using Azure Sentinel as your security information and event manager (SIEM) platform, you do not always want to have to check the incident dashboard for new incidents or have lots of emails clogging up your inbox.
Fortunately, you can now configure a Sentinel Playbook which utilises a Logic App to trigger an alert into a Microsoft Teams channel of your choice.
Read more: Azure - Setup Sentinel Alerts into a Teams Channel
Azure - Stop and Deallocate a Windows VM using a Managed Identity
A simple and costly mistake which often catches Azure administrators out is the two states a VM can be in when powered off: it will either be in a costly Stopped state or a Stopped (deallocated) state. The difference is that when a VM is shut down using the normal operating system method it goes into a Stopped state; although shut down, the compute resources are still allocated to it and therefore the full costs are incurred as if the VM were powered on.
Learn how to initiate a shutdown and deallocation from within the guest operating system using a system-assigned managed identity.
Read more: Azure - Stop and Deallocate a Windows VM using a Managed Identity
AWS - Port forwarding via an SSH tunnel to an EC2 using systems manager
AWS Systems Manager Agent is a software agent that can be installed and configured on public or private EC2 instances, on-premises servers or virtual machines. The agent makes it possible for Systems Manager to update, manage, and configure these resources. The following guide shows you how to securely use the SSM agent along with the Systems Manager API to port forward via a tunnel into your private EC2 instance without running bastion hosts/jump boxes and without opening inbound ports to the instance.
Read more: AWS - Port forwarding via an SSH tunnel to an EC2 using systems manager
Site to Site VPN between AWS and Azure
Multi-cloud architectures are an increasingly common design in the IT world, and there will likely come a point when you want to set up a fast, direct and resilient VPN connection between your public cloud providers such as Azure and AWS.
This article shows you how to configure a site-to-site VPN between AWS and Azure utilising Internet Key Exchange version 2 (IKEv2) for the tunnel setup.
AWS - Dynamically visualise, audit and document your AWS environment for free
As AWS estates grow over time with expansions and adjustments, it gradually becomes harder to understand, audit for security, visualise, document and analyse your environment.
Duo Security (now owned by Cisco) have developed and released an excellent open-source graphical tool called CloudMapper which allows you to achieve all of the above within your AWS environment, as well as a recent feature that allows it to act as a continuous monitoring and auditing solution. Furthermore, provided you comply with their licence, it is free.
This guide shows you how to set up Duo CloudMapper with the demo data and then link it into your AWS environment.
Read more: AWS - Dynamically visualise, audit and document your AWS environment for free