Welcome to my site about (Microsoft) Technology, Sailing (creating polair diagrams, B&G Hydra/H2000, Fastnet bus) and about Robotics.

Latest Posts

  • Visualizing a Graph in Microsoft Sentinel

    In this Tutorial we will have a look at creating a simple Graph and visualize it in Azure Sentinel.

    I started exploring this for an Advent of Code

    ... Continue reading

  • MDC Enable Defender for Containers through Azure CLI

    Enabling the Defender for Containers on Microsoft Defender for Cloud through the Azure CLI

    ... Continue reading

  • Removing tenant level user access administrator

    An Azure AD administrator can give itself permission on all Azure Subscriptions. This can be seen on the IAM page of a subscription, where a User Access Administrator with scope ”/” is found.

    A person can only clear this in the UI for himself, not for another user. By using the Azure CLI, we can remove this permission

    ... Continue reading

  • Keeping track of App Registrations and Enterprise Apps

    In this post we will have a look at managing Enterprise Apps and App Registrations What do we want to add:

    • Add Owner of the app
    • Add description about the app
    ... Continue reading

  • Microsoft Sentinel Repositories to push CI/CD changes to Sentinel

    With the latest announcement (november 8th, 2021) on Repository support in Microsoft Sentinel, we now have a supported workflow to enable Continoud Deployment integration from Azure DevOps or GitHub: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/enable-continuous-deployment-natively-with-microsoft-sentinel/ba-p/2929413

    Out of the box the following content types are supported

    • Analytic rules
    • Automation rules
    • Hunting queries
    • Parsers
    • Playbooks
    • Workbooks

    But with some tweaks we can also deploy Sentinel Watchlist, with some issues regarding updating/deleting content

    ... Continue reading

  • Use LogStash to copy SQL table with audit logs data to Microsoft Sentinel

    The goal of this experiment was to get a LogStash instance running in Docker to copy on-premise SQL Server data to Sentinel. If your application is still emitting data only to a SQL table and no other sources are available, this is a trick to get data into Sentinel until a permanent solution has been created.

    This is a first experiment, so no production ready code:

     docker run --rm -it -p5044:5044 --env xpack.monitoring.enabled=false -v /mnt/c/Users/MyUserName/pipeline/:/usr/share/logstash/pipeline/ -d docker.elastic.co/logstash/logstash:7.10.0 sh -c "logstash-plugin install microsoft-logstash-output-azure-loganalytics ; /usr/local/bin/docker-entrypoint"
    ... Continue reading

  • AzureDevOpsAuditing with Sentinel

    Introduction

    Azure DevOps streaming was recently introduced. This allows you to directly get the Azure Audit logs into a SIEM solution like Azure Sentinel, without writing custom Powershell/Rest code.

    ... Continue reading

  • Moved my blog to jekyll

    Instead of upgrading my Orchard instances, I decided to move to Jekyll hosted on github pages.

    A cleanup of old content was done as well

    Some lessons learned:

    ... Continue reading

  • CISO's guide to Microsoft Secure Score

    Introduction

    (this post will be updated with new tips and tricks, and when changes happen on Secure Score)

    Microsoft offers a Scoring website for the IT Security status of it’s cloud services called Secure Score. This Secure Score (https://security.microsoft.com/securescore) mentions all the steps to take to enhance security.

    ... Continue reading

  • B and G Wind bearings replacement

    The official B & G bearings for the wind angle and wind speed are quite expensive. Why not buy some 3rd party bearings for 10% of the original price.

    Type: SFR2-5ZZ

    ... Continue reading

  • Azure API management tips & tricks

    Just some random notes on Azure API management:

    Parse JWT in Azure API management policy: @(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject)

    ... Continue reading

  • API Management DTAP lessons learned

    With API management we have seperate environments for Development, Test and Production.

    The best way to move an API from one environment to the other is through GIT at this moment.

    ... Continue reading

  • Troubleshooting IIS Client Certificate issues

    IIS has the option to require client certificates, but setting this up requires all settings to be set correctly.

    The question

    The customer question was that during a security audit, the server returned no root certificates, and not a list of trusted certificates. Error: No client certificate CA names sent

    ... Continue reading