In this short blog post, it’s time to dig deep into security DevOps kit tool called AzSk. Earlier this year I wrote two posts related to the same tool. If you are interested to read posts, these are found from underneath links below:
- How to send AzSk scanning data to Log Analytics
- Build Continuous Assurance With Azure DevOps Kit AzSk Tool
The tool is diverse and there are a total of six different scenarios where it can be used. In this blog post, I’m covering the last part, “Cloud Risk Governance“.
The idea is to send security telemetry from all stages to Application Insights created by Secure DevOps kit aka AzSk, This naturally helps an organization to get better visibility of applications and components security state.
Currently, the configuration needs to be done per machine. Organizational level support is coming on next months (related to AzSk team information).
What you need to get this working?
- Application Insights instance where data will be sent
- Configure the AzSK to send data to App Insights.
Application Insights Configuration
Navigate to portal.azure.com, select Azure Monitor and create Application Insights. Only subscription, resource group, name, and regions are needed parameters.
When Application Insights is ready to copy the Instrumental key for the next command, it’s needed to configure AzSK to send data to Application Insights.
One line of PowerShell is needed to configure AzSK to send data.
Set-AzSKLocalAIOrgTelemetrySettings -LocalAIOrgTelemetryKey 'Insert Instrumental Key here> b71e403a-e8fc-4987-9299-16fb40f4f569' -EnableLocalAIOrgTelemetry $true
That’s it! Next time when you run the scans data will be sent to App Insights where it can be found underneath the “search” tab from the main blade.
Type “Control Scanned” to the search field to find AzSK related events.
And if you are ever wondering what in the earth you have configured to your AzSK tool run this oneliner: Get-AzSKInfo -InfoType hostinfo which will show your AzSK local configuration.
Until next time!