In this tutorial, I’ll be describing the process of setting up Azure Sentinel (SIEM) as well as a Virtual Machine (VM) in the cloud which will function as a honeypot. This honeypot will be vulnerable to the internet, and we will be monitoring and logging attacks from different IP addresses from various countries around the world. We will then take that data and display it on a map so we can visually see where the attacks are coming from. The logging attacks will consist of failed Remote Desktop Protocol (RDP) logins.
Knowledge to gain after completening the lab:
a. Azure Portal
b. Azure Sentinel
c. Kusto Query Language (KQL)
d. Network Security Groups
Prerequisites:
- Estimated time to complete the tutorial: 1-1.5 hours.
- PowerShell Script for Azure – GitHub Link
- Azure Trial Free
- Sentinel Map Query – GitHub Link