You have an Azure subscription. You plan to create a workflow automation in Azure Security Center that will automatically remediate a security vulnerability. What should you create first?
Answer: C, an Azure Logic App
Reason: According to the documentation, workflow automation in Microsoft Defender for Cloud uses Logic Apps as the underlying automation platform. The Logic App needs to be created first as it defines the sequence of steps and actions that will be executed when security alerts or recommendations trigger the automation.
Reference: https://learn.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
Since the question is also asking about remediating the vulnerability, we need something more than just a Logic App.
The first thing is an automation account.
The Steps:
Create the Automation Account first. This sets up the environment where your remediation tasks (scripts) will be executed.
Create Remediation Runbooks in the Automation Account. These runbooks will contain the scripts that fix vulnerabilities.
Create a Logic App (optional) to trigger the remediation actions. You can have a Logic App listen for Azure Security Center alerts and then trigger the Automation Account's runbooks to perform the remediation.
Why Automation Account First:
Logic Apps will need the Automation Account to execute the remediation scripts.
Without an Automation Account, you cannot run the remediation runbooks, so it must be created before the Logic App can use it.
Answer: C
Explanation:
When you add an 'Add workflow automation' in step 2B of this create and assign workflow, you can either select an existing Logic App or create one; regardless, it is needed for assigning an 'Add workflow automation'.
b. The triggers that will initiate this automatic workflow. For example, you might want your Logic App to run when a security alert that contains "SQL" is generated.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/workflow-automation
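The dependency described in the explanation above, written as a Bicep deployment. This is an added example, not part of the original discussion or of Microsoft's documentation: the workflow automation resource points at a Logic App that must already exist. The parameter names, the automation name and the trigger name `manual` are assumptions.

```bicep
// Added example. Names and parameters below are hypothetical.
@description('Name of a Logic App that already exists in this resource group')
param logicAppName string

@description('Name of the Logic App trigger (assumed; depends on how the app was built)')
param logicAppTriggerName string = 'manual'

// The "existing" keyword makes the ordering explicit: deployment fails
// if the Logic App has not been created first.
resource logicApp 'Microsoft.Logic/workflows@2019-05-01' existing = {
  name: logicAppName
}

resource automation 'Microsoft.Security/automations@2019-01-01-preview' = {
  name: 'alert-contains-sql' // hypothetical name
  location: resourceGroup().location
  properties: {
    description: 'Run the Logic App when an alert name contains "SQL"'
    isEnabled: true
    scopes: [
      {
        description: 'Current subscription'
        scopePath: subscription().id
      }
    ]
    sources: [
      {
        eventSource: 'Alerts' // 'Assessments' selects recommendations instead
        ruleSets: [
          {
            rules: [
              {
                // Filter taken from the page's example: alert contains "SQL"
                propertyJPath: 'AlertDisplayName'
                propertyType: 'String'
                expectedValue: 'SQL'
                operator: 'Contains'
              }
            ]
          }
        ]
      }
    ]
    actions: [
      {
        actionType: 'LogicApp'
        logicAppResourceId: logicApp.id
        uri: listCallbackUrl('${logicApp.id}/triggers/${logicAppTriggerName}', '2019-05-01').value
      }
    ]
  }
}
```

The callback URL returned by `listCallbackUrl` carries a signature that authorises invoking the trigger, so keep it out of deployment outputs and logs.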
FROM MICROSOFT:
This article describes the workflow automation feature of Microsoft Defender for Cloud. This feature can trigger consumption logic apps on security alerts, recommendations, and changes to regulatory compliance. For example, you might want Defender for Cloud to email a specific user when an alert occurs. You'll also learn how to create logic apps using Azure Logic Apps.
THE LA WILL TRIGGER BASED ON AN ALERT RULE.
THIS IS A TRICKY ONE DEPENDING ON WHAT THEY ARE TRULY LOOKING FOR AS AN ANSWER. LOGIC APP IS CORRECT BUT WHEN THEY ADD THE WORD 'FIRST' I BELIEVE 'ALERT RULE' IS ACCURATE.
Under Azure Security Center (AKA. Windows Defender for Cloud) - Workflow automation - you will need to create a logic app to trigger (security alerts/recommendations/regulatory compliance) to users via email/azure resource manager roles etc.
No need to create any Run-As accounts or MI for this.
Done this a couple of times for my clients
Don't we need a (B) managed account first to be the authentication for the (C) Logic Apps?
Azure Automation does not automatically create the Run As account, it has been replaced by using managed identities.
https://learn.microsoft.com/en-us/azure/automation/automation-security-overview#managed-identities
https://learn.microsoft.com/en-us/azure/automation/enable-managed-identity-for-automation
https://learn.microsoft.com/en-us/azure/automation/quickstarts/create-azure-automation-account-portal
To create a workflow automation in Azure Security Center that will automatically remediate a security vulnerability, you should create an automation account first.
Here are the steps to create an automation account:
In the Azure portal, click on Create a resource.
Search for "Automation" and select "Automation" from the results.
In the Automation blade, click Create.
In the Create Automation Account blade, specify a unique name for the automation account.
Select a subscription, resource group, and location for the automation account.
Choose the "Yes" option for "Create Azure Run As account" to create a managed identity that will be used by the automation account to authenticate with Azure.
Review and accept the terms and conditions, and then click Create.
Once the automation account is created, you can create a new runbook to define the workflow automation for remediation of the security vulnerability. The runbook can be created using Azure PowerShell, Python, or other supported languages. You can also use pre-built runbooks available in Azure Automation to automate common security remediation scenarios.
After creating the runbook, you can create an alert rule in Azure Security Center to trigger the workflow automation when a security vulnerability is detected. The alert rule can be configured to trigger the runbook based on specific criteria, such as severity level, resource type, or location.
Azure Security Center and Azure Defender are now called Microsoft Defender for Cloud.
When Defender for Cloud detects a threat in any area of your environment, it generates a security alert. These alerts describe details of the affected resources, suggested remediation steps, and in some cases an option to trigger a logic app in response.
When you add an 'Add workflow automation' in step 2B of this create and assign workflow, you can either select an existing Logic App or create one; regardless, it is needed for assigning an 'Add workflow automation'.
...
b. The triggers that will initiate this automatic workflow. For example, you might want your Logic App to run when a security alert that contains "SQL" is generated.
...
Ref: https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
Agree. Also this article says the same:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/regulatory-compliance-dashboard
"For example, you might want Defender for Cloud to email a specific user when a compliance assessment fails. You'll need to create the logic app first (using Azure Logic Apps) and then set up the trigger in a new workflow automation...."
If we assume the automation account has been created, C will be the answer.