Purpose

An analyst wants to detect abusive resource consumption in Azure Virtual Machines. Using the VM Metrics Azure collector to send CPU and disk usage to Devo, the analyst will find machines with too much resource usage. As a result, the analyst will remove the malicious mining programs, preventing them from degrading service and stealing compute.

...

  1. Open Subscriptions.
  2. Select the correct subscription and note the subscription ID.
  3. Select Access control (IAM) in the left menu, click Add, and then click Add role assignment.
  4. Select the Monitoring Reader role.
  5. Click “Select members” and add the VM Metrics application.

...

In the Cloud Collector App, create an Azure Collector instance using this parameters template, replacing the values enclosed in < >.

{
  "inputs": {
    "azure": {
      "credentials": {
        "client_id": "<CLIENT ID>",
        "client_secret": "<SECRET>",
        "subscription_id": "<SUBSCRIPTION>",
        "tenant_id": "<TENANT>"
      },
      "enabled": true,
      "id": "<UNIQUE ID>",
      "services": {
        "vm_metrics": {}
      }
    }
  }
}

The secret must be a secret value containing a tilde.
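
A pre-flight check for the parameters template and the tilde rule above, as an added example (it is not Devo's code, and `check_collector_params` is a hypothetical name). It assumes the client, subscription and tenant IDs are GUIDs, and it reports field names only so the secret never reaches a log.

```python
import json
import re
import uuid

PLACEHOLDER = re.compile(r"^\s*<.*>\s*$")  # template value still in "< >" form


def _is_guid(value):
    try:
        uuid.UUID(value)
        return True
    except ValueError:
        return False


def check_collector_params(text):
    """Return a list of problems in a VM Metrics collector parameters document.

    Messages name the field only and never echo a value, so the output is safe to log.
    """
    try:
        azure = json.loads(text)["inputs"]["azure"]
        creds = azure["credentials"]
    except (ValueError, KeyError, TypeError) as exc:
        return [f"inputs.azure.credentials: cannot be read ({type(exc).__name__})"]
    if not isinstance(creds, dict):
        return ["inputs.azure.credentials: not an object"]

    problems = []
    for key in ("client_id", "client_secret", "subscription_id", "tenant_id"):
        value = creds.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"credentials.{key}: missing")
        elif PLACEHOLDER.match(value):
            problems.append(f"credentials.{key}: placeholder not replaced")
        elif key == "client_secret":
            if "~" not in value:  # the page's rule: the secret value contains a tilde
                problems.append("credentials.client_secret: no tilde, not a secret value")
        elif not _is_guid(value.strip()):  # assumption: Azure IDs are GUIDs
            problems.append(f"credentials.{key}: not a GUID")

    unique_id = azure.get("id")
    if not isinstance(unique_id, str) or not unique_id.strip() or PLACEHOLDER.match(unique_id):
        problems.append("id: missing or placeholder not replaced")
    if azure.get("enabled") is not True:
        problems.append("enabled: input is not enabled")
    services = azure.get("services")
    if not isinstance(services, dict) or "vm_metrics" not in services:
        problems.append("services.vm_metrics: service not configured")
    return problems
```

An empty list means the document is ready to paste into the collector instance; a GUID in `client_secret` is reported as a missing tilde.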

Secure It

Cryptominer

Detect excessive CPU usage, which may be caused by mining software that is stealing CPU.

...