...
In Azure, search for Entra ID.
Click App registrations in the left menu and click the app (or Service Principal) that you are going to use.
Register the application
In the Overview area, find the Application (client) ID and the Directory (tenant) ID.
Click Certificates & Secrets on the menu and create a new client secret by clicking the New client secret button.
Add the secret.
...
In the Cloud Collector App, create an Azure Collector instance using this parameters template, replacing the values enclosed in < >.
Code Block |
---|
Secure It
Cryptominer
Detect excessive CPU usage, which may be caused by mining software that is stealing CPU.
```
from cloud.azure.vm.metrics_simple where eq(metricName,"Percentage CPU"), isnotnull(average)
group every 1h by resourceId select avg(average) as cpu_percent
where cpu_percent>90
```
Load balancer
Suppose a malicious user has gained access to Azure Load Balancer. Unbalancing the network load would be a devious way to degrade service and increase costs, so check whether the network load has become unbalanced.
```
from cloud.azure.vm.metrics_simple
// Traffic going in and out.
where endswith(metricName,"Flows")
// Each collector corresponds to an Azure subscription.
// Group by collector under the assumption that each subscription should be load balanced.
group every 1h by split(hostname,"-",1) as collector,metricName,resourceId select avg(average) as average
group every 1h by collector,metricName select stddev(average) as deviation_across_resources
// If the deviation_across_resources has increased, load balancing has been disrupted.
```
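The query above ends at the deviation value and leaves the "has it increased?" comparison to the reader. The following Python is an added example, not part of the original page or the product's own code: it mirrors the two grouping stages offline and flags hours whose deviation jumps above a recent baseline. The hostname layout, the use of population standard deviation, the `baseline_hours`, `factor` and `floor` values, and all sample rows are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (hour, hostname, metricName, resourceId, average).
# Hours 0-2 are balanced across three VMs; in hour 3 one VM takes most flows.
_LOAD = {0: (100, 102, 98), 1: (101, 99, 100), 2: (100, 101, 99), 3: (280, 10, 10)}
SAMPLES = [(h, "azure-sub1-vm", "Inbound Flows", r, float(v))
           for h, vals in _LOAD.items()
           for r, v in zip(("vm-a", "vm-b", "vm-c"), vals)]
SAMPLES.append((3, "azure-sub1-vm", "Percentage CPU", "vm-a", 95.0))  # filtered out


def hourly_deviation(rows):
    """Mirror the query's two grouping stages.

    Returns {(collector, metricName): {hour: stddev across resources}}.
    """
    per_resource = defaultdict(list)
    for hour, hostname, metric, resource, average in rows:
        if not metric.endswith("Flows"):
            continue
        # Assumption: the collector name is the second "-"-separated field.
        collector = hostname.split("-")[1]
        per_resource[(hour, collector, metric, resource)].append(average)
    across = defaultdict(list)
    for (hour, collector, metric, _), values in per_resource.items():
        across[(hour, collector, metric)].append(mean(values))
    result = defaultdict(dict)
    for (hour, collector, metric), averages in across.items():
        # Assumption: population standard deviation.
        result[(collector, metric)][hour] = pstdev(averages)
    return result


def unbalanced_hours(rows, baseline_hours=2, factor=3.0, floor=1.0):
    """Flag hours whose deviation exceeds factor x the recent baseline.

    baseline_hours, factor and floor are hypothetical tuning values.
    """
    alerts = []
    for (collector, metric), series in hourly_deviation(rows).items():
        hours = sorted(series)
        for i in range(baseline_hours, len(hours)):
            baseline = mean(series[h] for h in hours[i - baseline_hours:i])
            if series[hours[i]] > factor * max(baseline, floor):
                alerts.append((collector, metric, hours[i], round(series[hours[i]], 2)))
    return sorted(alerts)


if __name__ == "__main__":
    print(unbalanced_hours(SAMPLES))
```

The `floor` keeps a near-zero baseline from turning ordinary jitter into an alert.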
Monitor It
Create an inactivity alert to detect interruptions in the transfer of data from the source to the SQS queue using the query
...