Automating Remediation in Azure: Leveraging Azure Logic Apps

Automating Remediation in Azure

Question

You are a SOC Analyst employed at a company that has set up cloud workload protection with Azure Defender.

You are in charge of remediating security alerts created by Azure Defender detections.

You get an alert regarding a container; the alert offers information on how to manually remediate the issue and on what you can do in the future to stop further attacks.

You work with the infra team to resolve the issue.

The infrastructure team recommends creating automated remediation tasks for future alerts regarding the same problem.

In order to automate remediation, which Azure technology can be leveraged?

Answers

Explanations


A. B. C. D.

Correct Answer: A.

[Screenshot: Security Center > Workflow automation > "Add workflow automation" form. General: Automation name, Subscription, Resource group, Resource group location. Trigger conditions ("Choose the trigger conditions that will automatically trigger the configured action"): Select Security Center data types (Security Center recommendations), Recommendation name (All recommendations selected), Recommendation severity (All severities selected), Recommendation state (All states selected). Actions: "Configure the Logic App that will be triggered. Choose an existing Logic App or visit the Logic Apps page to create a new one"; Show Logic App instances from the following subscriptions; Logic App name (Select a logic app); Logic app trigger; Refresh. A second, partly overlapping screenshot shows the Azure Policy "Assign policy" wizard (Basics, Parameters, Remediation, Review + create) with the text "Specify parameters for this policy assignment."]

Reference:

To automate the remediation of security alerts in Azure Defender, we can leverage Azure Functions. Azure Functions is a serverless compute service for building event-driven solutions. It allows you to run small pieces of code (functions) that are triggered by events, such as the detection of a security alert.

Azure Functions can be integrated with Azure Defender to create automated remediation tasks for security alerts. When a security alert is triggered, the Azure Function can be triggered automatically to carry out the necessary remediation tasks. The function can use Azure APIs or other third-party APIs to interact with the resources affected by the security alert.

Azure Functions can be written in several programming languages, such as C#, Java, JavaScript, and Python. This makes it easy to create and customize remediation tasks according to specific requirements.

Azure Logic Apps is another Azure technology that can be used to automate remediation tasks for security alerts. It provides a visual workflow designer that can be used to create and orchestrate workflows that automate business processes and integrate with other services and applications.
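The workflow automation pattern described above (an alert arrives, the trigger conditions are checked, and a Logic App or Function runs a remediation action) can be sketched in code. The following Python block is an added example, not code from the original page or from Microsoft; the alert payloads are constructed, and their field names (AlertType, Severity, Status, CompromisedEntity, ExtendedProperties) are assumed to mirror the Defender for Cloud alert connector schema. The remediation action shown is containment only: it produces a default-deny Kubernetes NetworkPolicy for the affected namespace and a record for the SOC, which is what a practitioner would normally wire into the Logic App's action step.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

# Constructed alert payloads for this example. Field names follow the
# Defender for Cloud alert connector schema (assumption, not page data).
SAMPLE_ALERTS: List[Dict] = [
    {"AlertType": "K8S_PrivilegedContainer", "AlertDisplayName": "Privileged container detected",
     "Severity": "Medium", "Status": "Active", "CompromisedEntity": "aks-prod-cluster",
     "ExtendedProperties": {"Namespace": "default", "Container name": "web-frontend"}},
    {"AlertType": "K8S_ExposedDashboard", "AlertDisplayName": "Exposed Kubernetes dashboard detected",
     "Severity": "Low", "Status": "Active", "CompromisedEntity": "aks-dev-cluster",
     "ExtendedProperties": {"Namespace": "kube-system"}},
    {"AlertType": "K8S_PrivilegedContainer", "AlertDisplayName": "Privileged container detected",
     "Severity": "High", "Status": "Resolved", "CompromisedEntity": "aks-prod-cluster",
     "ExtendedProperties": {"Namespace": "payments"}},
    {"AlertType": "VM_SuspiciousProcess", "AlertDisplayName": "Suspicious process executed",
     "Severity": "High", "Status": "Active", "CompromisedEntity": "vm-web-01",
     "ExtendedProperties": {}},
]


@dataclass
class TriggerConditions:
    """Mirrors the 'Trigger conditions' section of the Add workflow automation form."""
    severities: Set[str]
    states: Set[str]
    alert_type_prefix: Optional[str] = None  # e.g. "K8S_" scopes the rule to container alerts

    def matches(self, alert: Dict) -> bool:
        if alert.get("Severity") not in self.severities:
            return False
        if alert.get("Status") not in self.states:
            return False
        if self.alert_type_prefix and not alert.get("AlertType", "").startswith(self.alert_type_prefix):
            return False
        return True


@dataclass
class WorkflowAutomation:
    """One automation: trigger conditions plus the action a Logic App would carry out."""
    name: str
    conditions: TriggerConditions
    action: Callable[[Dict], Dict]


def default_deny_network_policy(namespace: str) -> Dict:
    """Kubernetes NetworkPolicy that blocks all ingress and egress in a namespace (containment)."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "defender-quarantine", "namespace": namespace},
        "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]},
    }


def contain_container_alert(alert: Dict) -> Dict:
    """Remediation action: quarantine the affected namespace and record what was done."""
    namespace = alert["ExtendedProperties"].get("Namespace", "default")
    return {
        "alert": alert["AlertDisplayName"],
        "cluster": alert["CompromisedEntity"],
        "namespace": namespace,
        "manifest": default_deny_network_policy(namespace),
        "note": "Quarantine applied; remove the policy once the investigation is closed.",
    }


def run_automations(alerts: List[Dict], automations: List[WorkflowAutomation]) -> List[Dict]:
    """Evaluate every alert against every automation; return the remediation records produced."""
    results = []
    for alert in alerts:
        for automation in automations:
            if automation.conditions.matches(alert):
                record = automation.action(alert)
                record["automation"] = automation.name
                results.append(record)
    return results


# Hypothetical automation: contain active Medium/High container alerts only.
CONTAINER_AUTOMATION = WorkflowAutomation(
    name="contain-privileged-containers",
    conditions=TriggerConditions(severities={"Medium", "High"}, states={"Active"}, alert_type_prefix="K8S_"),
    action=contain_container_alert,
)

if __name__ == "__main__":
    import json
    for record in run_automations(SAMPLE_ALERTS, [CONTAINER_AUTOMATION]):
        print(json.dumps(record, indent=2))
```

Run over the four constructed alerts, only the first one (an active Medium-severity K8S alert) fires the automation: the Low-severity alert, the already resolved alert and the VM alert are filtered out by the trigger conditions, exactly as the severity and state selectors in the portal form would filter them.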

Azure Batch is a service for running large-scale parallel and high-performance computing (HPC) batch jobs. While it can be used to run remediation tasks, it is not designed specifically for security alert remediation.

Azure Secure Shell is a web-based SSH client that allows you to connect over SSH to an Azure virtual machine, including Linux virtual machines running in Azure. It is not designed for automating remediation tasks for security alerts.