
Welcome to Building Detections in Azure

Description

In this workshop, you will work through the following detection-building process in an Azure environment:

Detection Build Process

We will conduct the following exercises:

  • Exercise 1: Deploy cloud resources with Terraform to support both the attack and some of the automation that will be used in later exercises
  • Exercise 2: Set up appropriate logging for monitoring our cloud resources
  • Exercise 3: Attack our infrastructure to create a true-positive match to our detection technique
  • Exercise 4: Use Kusto Query Language (KQL) to build a query that catches the true-positive, then create an analytics rule with automation
  • Exercise 5: Test the detection and automation (with a bonus response action)
  • Exercise 6: Cleanup of the workshop resources