I'm looking for someone who can spend a couple of hours coaching me on Azure security services and architecture. I come from an AWS and Open Source background and I'm struggling to understand how the security on Azure fits together so I can provide Azure security services to my clients.
Sample questions I'd like someone to help me answer are below:
I've examined the Azure Security Center Assessments and Alerts APIs, but what other Azure APIs would be needed for complete detection and remediation?
- Part of what I'm looking for is a way to identify and tag each MS cloud data source, as I want to know what the information that it is bringing in pertains to, i.e. Admin/Config or Incident Response.
For Security Alerts in Azure ATP, Microsoft Defender ATP, or other MS cloud security services, where would the data/events that triggered the Alert be found?
What permissions or access, and under what scope/audience, would the Azure client need in order to pull the information needed for the above use cases?
For alert/incident investigation, or for incident response, what would be the best approach:
- Direct access to the customer's Azure environment (possibly a shared account)
- An Azure service (possibly Lighthouse?) that provides an equivalent to direct access?
- Project Type: One-time project