
Use case on processing Azure Defender Security events

Oct 28, 2024
Nitin Mulchandani

Resolving security incidents effectively and efficiently is always a top priority for organizations. Unresolved security incidents can trigger alarm within the organization and potentially undermine client trust. Furthermore, it is essential to foresee potential future complications while addressing these security incidents.

Below are a couple of use cases that will help us understand how to resolve security incidents effectively.

Problem statement

Consider a scenario where an application hosted on the cloud is experiencing cross-site scripting attacks or SQL injection attacks.

The team creates a security incident and assigns it to a security engineer. The security engineer should resolve the ticket in a timely and effective manner. When resolving incidents, the security engineer may refer to the client's internal knowledge base for relevant documents.

Solution approach

Application Architecture Design

Below is the architecture design, featuring the main services used:

Azure App Service: Hosts the web application, which connects to SQL Server

Azure SQL Server: Stores the application data

ServiceNow: Used for ticket resolution

Azure Functions: Exposes the HTTP REST APIs as serverless functions

Azure OpenAI: Used for making calls to LLM models

Azure Cognitive Services: Connects to the client's internal knowledge base, which is hosted in Azure Storage

Azure Communication Services Email: Sends email notifications to ServiceNow

Others: Application Insights, Azure Defender and Log Analytics are used for monitoring

To sum up the solution: when a security incident occurs, the Azure Defender alerts are sent to Azure OpenAI for resolution. Here, through prompt engineering, Azure OpenAI can also foresee potential future issues.

Once the incident resolution is obtained, ServiceNow is notified via email using Azure Communication Services Email. A ticket is created in ServiceNow and assigned to the security agent, along with the possible resolution.

If the agent needs to refer to the client's internal documentation, a request is sent to Azure OpenAI via Azure Functions, which retrieves the relevant documents from Azure Storage through Azure Cognitive Services. The search results are specific to the needs of the security agent.
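The alert-to-ticket flow described above, as an added example that is not part of the original post: an Azure Function-style handler normalises a Defender alert, asks an LLM for a resolution and builds the email payload that creates the ServiceNow ticket. The sample alert and its field names are constructed/assumed, and the `llm` callable stands in for the Azure OpenAI call.

```python
# Added example (not from the original post): normalise a Defender alert into a
# ticket draft, ask an LLM for a resolution and build the email payload that the
# post describes sending to ServiceNow. The alert JSON and field names are
# constructed/assumed; `llm` stands in for the Azure OpenAI call.
import json
from typing import Callable

# Constructed sample alert; field names assumed to follow the Defender for
# Cloud alert schema (real payloads carry many more properties).
SAMPLE_ALERT = json.dumps({
    "alertDisplayName": "Potential SQL injection",
    "severity": "High",
    "compromisedEntity": "webapp-prod-01",
    "description": "Suspicious SQL-like pattern in request parameter 'id'.",
    "remediationSteps": ["Review application logs", "Parameterise queries"],
})

def normalise_alert(raw_json: str) -> dict:
    """Keep only the fields the ticket and the prompt need."""
    alert = json.loads(raw_json)
    return {
        "title": alert.get("alertDisplayName", "Unknown alert"),
        "severity": alert.get("severity", "Unknown"),
        "resource": alert.get("compromisedEntity", "Unknown"),
        "description": alert.get("description", ""),
        "steps": alert.get("remediationSteps", []),
    }

def build_prompt(incident: dict) -> str:
    """Alert text can be attacker-influenced (e.g. a request parameter), so it
    goes inside a delimited data block rather than into the instructions."""
    return (
        "You assist a security engineer. Using only the alert data between the "
        "markers, propose a resolution and list likely follow-on issues.\n"
        "<<ALERT>>\n" + json.dumps(incident, indent=2) + "\n<<END ALERT>>"
    )

def draft_ticket(raw_json: str, llm: Callable[[str], str]) -> dict:
    """Build the email payload that creates and pre-fills the ServiceNow ticket."""
    incident = normalise_alert(raw_json)
    resolution = llm(build_prompt(incident))
    return {
        "subject": f"[{incident['severity']}] {incident['title']} on {incident['resource']}",
        "severity": incident["severity"],
        "body": incident["description"] + "\n\nProposed resolution:\n" + resolution,
    }

if __name__ == "__main__":
    print(json.dumps(draft_ticket(SAMPLE_ALERT, lambda p: "(model output)"), indent=2))
```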

By using these approaches, organizations can boost productivity and resolve tickets faster.

About the author

Manager | India
Nitin Mulchandani is part of Sogeti, OneDeliver team working as an Architect for native app development. He is an Azure certified Architect. With 11+ years of experience in solution delivery, he has delivered multiple engagements for cloud native development for multiple clients across the USA and Europe.
