If you are using Microsoft Azure Sentinel as your SIEM solution, you may face this question: how do you keep logs as cold logs after 90 days? As you know, the log retention on an Azure Log Analytics workspace (a Log Analytics workspace is a unique environment for log data from Azure Monitor and other Azure services such as Microsoft Sentinel and Microsoft Defender for Cloud) is 90 days, so you need a place to keep the logs for longer than that, based on your internal log policy. The solution is to select logs that are 89 days old and send them to an Azure Storage Account (an Azure storage account contains all of your Azure Storage data objects, including blobs, file shares, queues, tables, and disks) to keep them for a long period.
In the last post (Running Checkov as IaC scanner on Azure DevOps), we saw how we implemented IaC scanning with Checkov. As you may know, that implementation has some limitations. The first obstacle is that we cannot use it as a solution for scanning a whole Terraform code repo, because Checkov only searches for Terraform code in the current directory. Yes, Checkov has this limitation: there is no switch we can set to scan the entire repo. But we have a solution to make it possible!
And the answer is to run a bash script that crawls the repository, finds the Terraform files, and runs Checkov on each file found. Let's see how we can manage it.
These days, implementing and maintaining infrastructure is easy with IaC (infrastructure-as-code) solutions: you can write code for a job once and reuse it repeatedly. But did you consider security when you wrote that code block? If you want to be sure about the security level of your code, you need an IaC scanner, which is a static code analysis tool. Let's look at Checkov as a tool for IaC scanning.
What is Checkov?
Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Terraform plan, CloudFormation, Kubernetes, Dockerfile, Serverless or ARM Templates and detects security and compliance misconfigurations using graph-based scanning. (From Checkov's GitHub repo)
As you may know, we started a project under the OWASP organization to prepare a guideline for DevSecOps. The project's goal is to prepare documentation describing the steps we need to achieve a secure development pipeline and to compare the tools and solutions we can use to make it happen.
The main parts of the project are the explanation of the steps and the comparison of tools. We want to clarify what you need to achieve an accurate DevSecOps pipeline and how you can do it! Since there are many tools available for doing this, we should consider which one is better for us based on our environment, other tools, development stack, and budget.
If you're interested in this topic and enjoy knowledge sharing, join us. Your PR is always welcome 😀
In the following, you can find more information about the project:
Thanks in advance