Monitor and back up Azure resources Flashcards
What is Azure Security Center?
Azure Security Center is a service that manages the security of your infrastructure from a centralized location. Use Security Center to monitor the security of your workloads, whether they’re on-premises or in the cloud.
Security Center creates an agent on each supported virtual machine as it’s created. It then automatically starts collecting data from the machine. You use Security Center to reduce the complexity of configuring security in this way.
What is Azure Application Insights?
You use Azure Application Insights to monitor and manage the performance of your applications. Application Insights automatically gathers information related to performance, errors, and exceptions in applications. You also use Application Insights to diagnose what has caused the problems that affect an application. The following example shows a detailed breakdown of an exception and what caused it.
What is Azure Monitor?
Azure Monitor is the service for collecting, combining, and analyzing data from different sources.
All the application log data that Application Insights collects is stored in a workspace that Azure Monitor can access. You'll then have a central location to monitor and analyze the health and performance of all your applications.
Through the Log Analytics feature in Azure Monitor, you analyze data by querying logs from your workspaces.
What is Azure Sentinel?
You use Azure Sentinel to collect data on the devices, users, infrastructure, and applications across your enterprise. Built-in threat intelligence for detection and investigation can help reduce false positives. Use Sentinel to proactively hunt for threats and anomalies, and respond by using orchestration and automation.
Notebooks
Notebooks are playbooks that can consist of investigation or hunting steps that you reuse or share with others. Use Azure Notebooks for Azure Sentinel to develop and run your notebooks. For example, you might use the Guided hunting - Office365-Exploring notebook to hunt for anomalous activities in Office 365 across your enterprise.
JIT
Just-in-time (JIT) virtual machine access.
JIT is a feature that blocks persistent access to virtual machines. Your virtual machines are accessed only through the audited access that you configure.
Playbooks
Playbooks are automated procedures that you run against alerts. You configure a playbook in the Playbooks pane of the Azure Security Center menu. You create a playbook by configuring a logic app.
Criteria for assessing Azure Sentinel
You use Azure Sentinel if:
You want a detailed overview of your organization, potentially across multiple clouds and on-premises locations.
You want to avoid reliance on complex and disparate tools.
You want to use enterprise-grade AI, built by experts, to identify and handle threats across your organization.
Integration with Azure Security Center
Azure Security Center collects data from resources such as virtual machines by using the Log Analytics Agent. The agent gathers security-related information from resources like virtual machines, and puts it into a workspace that you can use for analysis. Information such as operating system logs and running processes is copied to the workspace, along with any crash dump files. Your workspace consists of multiple tables, each of which stores data from a specific source.
KUSTO
Queries for logs are written in the Kusto query language (KQL). A KQL query might look like this:
Basic metrics for Azure VMs
Azure can collect these metrics by default for hosted VMs without requiring you to install more software. To capture the boot diagnostics, you need to create and associate a storage account. You associate the storage account at the time you create your VM. Or, for an existing VM, you associate one later.
Get more metrics
To get more metrics, use the Azure Diagnostics extension and the Log Analytics agent. Both tools are available for Windows and Linux.
Configure the Azure Diagnostics extension
If you need to capture more detailed performance metrics, or you need them in near real time, install the Azure Diagnostics extension. After it's installed, you can configure it to capture what you need.
The Azure Diagnostics extension allows you to collect real-time performance metrics from the guest operating system, along with log events, and store the results in an Azure storage account.
To enable boot diagnostics from the Azure CLI, you use the az vm boot-diagnostics enable command. In PowerShell, you use the Set-AzVMBootDiagnostic command.