
Azure HomeLabs

This is my homelab for Azure detection: I stand up a Windows VM, enable Defender for Cloud and Microsoft Sentinel, then generate a fake threat on the VM and build a detection rule that catches it.

  1. First, create a resource group.

resource_group.png

  2. Create the VM and set it up.

create.png

VMSetup.png

vmdone.png

  3. Make sure to enable Microsoft Defender for Cloud on the subscription; the Workload protections plan is what covers the VM and provides just-in-time access.

Enable.png

Workload.png

  4. Time to connect. Before connecting, enable just-in-time (JIT) VM access in Defender and request access only for your local machine's public IP. JIT opens the RDP port in the network security group for a limited time window for that source IP instead of leaving it exposed to the whole internet.

Time.png

connect.png

timepart2.png

  5. Time to use Microsoft Sentinel. Cool name, isn't it? Haha.

setup_sentinel.png

sentinel.png

There are going to be two logs to connect: the Log Analytics workspace that Sentinel sits on, and the Windows Security events from the VM.

Sentinel-log.png

Sentinel-logs1.png

Make sure you add the Windows Security Events data connector; its title in the connector list may differ slightly between versions, so check that it is the one that collects the Security log from the VM into the SecurityEvent table.

Time to configure some analytics rules.

customrule.png

creationrule.png

  6. Time to remote into my VM from my local host over RDP (through the JIT-opened port).

RDCVM.png

Enabling the Security log and Event ID 4624 (an account was successfully logged on).

4624.png

We are going to use this query as the rule logic, so that the scheduled rule runs it automatically and raises an alert whenever a successful logon is recorded:

```kql
// Successful logons (Event ID 4624) from the Security log, projected to the columns the rule needs
SecurityEvent
| where EventID == 4624
| project TimeGenerated, Computer, AccountName
```
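To show what the rule above actually does, here is the same detection logic run locally over a handful of constructed SecurityEvent-style rows. This is an added example, not code from the original post or from Sentinel: the hostname, account names, timestamps and IP addresses are made up, and the LogonType and IpAddress columns (which Sentinel also records for 4624) are used to go one step beyond the post's query and flag RDP logons from an address other than the one JIT was opened for.

```python
"""Local re-implementation of the Sentinel 4624 rule over constructed sample rows.

Added example, not part of the original post. The rows mirror the SecurityEvent
columns the KQL query projects (TimeGenerated, Computer, AccountName) plus
EventID, LogonType and IpAddress. All values are constructed, not real data.
"""
from collections import Counter
from datetime import datetime, timezone

RDP_LOGON_TYPE = 10  # LogonType 10 = RemoteInteractive, i.e. a logon over Remote Desktop


def _ts(hour, minute, second):
    # Constructed timestamps on an arbitrary day, in UTC like TimeGenerated.
    return datetime(2024, 1, 10, hour, minute, second, tzinfo=timezone.utc)


# Constructed sample rows shaped like the SecurityEvent table (assumed host "lab-vm").
SAMPLE_EVENTS = [
    {"TimeGenerated": _ts(9, 0, 1), "Computer": "lab-vm", "AccountName": "labadmin",
     "EventID": 4624, "LogonType": RDP_LOGON_TYPE, "IpAddress": "203.0.113.10"},
    {"TimeGenerated": _ts(9, 0, 2), "Computer": "lab-vm", "AccountName": "labadmin",
     "EventID": 4672, "LogonType": RDP_LOGON_TYPE, "IpAddress": "203.0.113.10"},  # special privileges, not a logon
    {"TimeGenerated": _ts(9, 5, 0), "Computer": "lab-vm", "AccountName": "guest",
     "EventID": 4625, "LogonType": RDP_LOGON_TYPE, "IpAddress": "198.51.100.7"},  # failed logon
    {"TimeGenerated": _ts(9, 5, 9), "Computer": "lab-vm", "AccountName": "guest",
     "EventID": 4624, "LogonType": RDP_LOGON_TYPE, "IpAddress": "198.51.100.7"},
    {"TimeGenerated": _ts(9, 6, 0), "Computer": "lab-vm", "AccountName": "SYSTEM",
     "EventID": 4624, "LogonType": 5, "IpAddress": "-"},  # service logon, local
]


def successful_logons(events):
    """Equivalent of the post's query:
    SecurityEvent | where EventID == 4624 | project TimeGenerated, Computer, AccountName
    """
    return [
        {"TimeGenerated": e["TimeGenerated"], "Computer": e["Computer"], "AccountName": e["AccountName"]}
        for e in events
        if e["EventID"] == 4624
    ]


def rdp_logons_outside_allowlist(events, allowed_ips):
    """Successful RDP logons whose source IP is not one JIT was requested for.

    With JIT only your own IP should be able to reach 3389, so any other source
    on a 4624/LogonType 10 event is worth an alert on its own.
    """
    return [
        e for e in events
        if e["EventID"] == 4624
        and e["LogonType"] == RDP_LOGON_TYPE
        and e["IpAddress"] not in allowed_ips
    ]


def logon_counts_by_account(events):
    """Number of successful logons per account, handy as a rule threshold."""
    return Counter(e["AccountName"] for e in events if e["EventID"] == 4624)


if __name__ == "__main__":
    for row in successful_logons(SAMPLE_EVENTS):
        print(row["TimeGenerated"].isoformat(), row["Computer"], row["AccountName"])
    # JIT was opened only for the assumed local-machine address 203.0.113.10.
    for hit in rdp_logons_outside_allowlist(SAMPLE_EVENTS, {"203.0.113.10"}):
        print("ALERT: RDP logon from unexpected IP", hit["IpAddress"], "as", hit["AccountName"])
    print(dict(logon_counts_by_account(SAMPLE_EVENTS)))
```

The first function is the post's rule verbatim; the 4672 and 4625 rows show why the EventID filter matters (privilege assignment and failed logons are not successful logons). The allowlist check is the natural tightening for this lab: once JIT restricts RDP to your own IP, a 4624 with LogonType 10 from any other address is a far higher-signal alert than every logon.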
  7. Setting up the bait in Local Security Policy, with a scheduled task trigger and the entity mapping for the rule.

localsecuritypolicy.png

strigger.png

tasks.png

entity.png

Completetion.png

FINISHED

This post is licensed under CC BY 4.0 by the author.