Thom Gagnon

Infrastructure engineer turned security professional. Seven years building and hardening enterprise systems before going deep on the defensive and offensive sides of security. Now focused on incident response, digital forensics, and penetration testing — with a background that covers everything from Active Directory architecture to NIST control implementation to network forensics.

Secure Game Hosting with AWS

Overview

This project aims to take my original AWS project from my self-taught course and turn it into a fully deployed solution. The original iteration of this project consisted of an EC2 instance with a local database and two security groups: one that allowed connections to the game server's auth and world ports, and one for SSH and MySQL. I handled user account management myself by logging into the EC2 instance directly and creating each user account by hand. This setup was used to host game services for friends. I aim to use the skills learned in this class to build a cloud environment that is segmented, secure, and has visibility. ...

20 min · 4250 words · Thom Gagnon

Sentinel Monitoring and Alerting with SQL Injections

Introduction

One of my main focuses for this project was the idea of deploying a cloud SIEM solution. Sentinel is Azure's SIEM solution, with a full stack of security resources to enable security monitoring of cloud and on-premises deployments. Sentinel uses a series of data connectors to gather data and a Log Analytics Workspace to ingest and visualize it. The main service Sentinel relies on is the Log Analytics Workspace: it holds the data gathered from the endpoints in the network so Sentinel can review logs and flag them as instructed. Most Azure services can use Microsoft Defender for Cloud, which feeds data to Log Analytics. To generate logs, Sentinel alerts, and Sentinel incidents, I need a system that will be exploitable. To accomplish this, I am using an Ubuntu VM running a Linux Apache PHP stack and an Azure MySQL database; with these two services, I will be able to host DVWA, or "Damn Vulnerable Web Application," which is filled with various web application vulnerabilities. The last key component of this project is the Azure Web Application Firewall in detection mode, because prevention mode would immediately stop the exploitation of endpoints. I aim to build a test environment and exploit the underlying database, which will send alerts from the WAF, VM, and DB; through these alerts, I can automate the creation of an incident. ...

19 min · 3859 words · Thom Gagnon