Dana Epp

Why Azure's threat intelligence dashboard is so cool

OK, I admit it. I am a total data whore when it comes to threat intelligence. I'm actually a bit jealous of the petabytes of security events that Microsoft gets to run through its cloud services on a regular basis. It must be a daunting challenge to filter through all that noise to elevate real signals of potential compromise.

But they've done it. Have you seen the threat intelligence dashboard in the Azure Security Center?

That's pretty damn cool. The dashboard is divided into four tiles:

  1. Threat types. Summarizes the type of threats that were detected in the selected workspace.

  2. Origin country. Aggregates the amount of traffic according to its source location.

  3. Threat location. Helps you to identify the current locations around the globe that communicate with your environment. In the map shown, orange (incoming) and red (outgoing) arrows identify the traffic directions. If you select one of these arrows, the type of threat and the traffic direction appear.

  4. Threat details. Shows more details about the threat that you selected in the map.

Regardless of which tile you select, the dashboard that appears is based on the Log Search query. The only differences are the type of query and the result. What a great way to get to the heart of the matter very, very quickly.

I only wish Microsoft would make this type of information more accessible to developers. I would pay a monthly subscription just to be able to tap into that malicious IP database. Never mind the threat intel details.

Cool stuff.