Update Module-13-Defender for APIs.md #916

Merged
merged 1 commit into from
Nov 13, 2024
68 changes: 9 additions & 59 deletions Labs/Modules/Module-13-Defender for APIs.md
Expand Up @@ -4,7 +4,7 @@

#### 🎓 Level: 300 (Advanced)
#### ⌛ Estimated time to complete this lab: 120 minutes
#### 💁 Author: Liana Anca Tomescu
#### 💁 Author: Walner Dort


## Objectives
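
Review bot: The author line swaps `Liana Anca Tomescu` for `Walner Dort` outright, which drops the original author's credit in a PR titled as an update to the module. Consider keeping the existing author line and adding a second one, for example `#### 💁 Updated by: Walner Dort`, unless the change of ownership is intentional.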
Expand Down Expand Up @@ -87,14 +87,15 @@ Note: It will take up to 45 minutes for the API you just created to appear in De
4. Under Cloud Workload protections, ensure that the APIs plan is switched **On**.


![](../Images/api7new.png?raw=true)
![](../Images/api7.png?raw=true)

### Exercise 4: ONBOARD APIS TO DEFENDER FOR APIS
Next, you will onboard that API to be protected by Defender for API.
1. Navigate to the **Recommendations** pane in Microsoft Defender for Cloud
2. Under the category “Enable enhanced security features” select the recommendation **Azure API Management APIs should be onboarded to Defender for APIs**.
2. Type "Defender for APIs" within the search box and select the recommendation **Azure API Management APIs should be onboarded to Defender for APIs**.

<img width="940" alt="image" src="https://github.com/user-attachments/assets/f3399538-9ef1-4770-ad18-88b9b2ce19ab">

![](../Images/api8.png?raw=true)

3. In the recommendation **Azure API Management APIs should be onboarded to Defender for APIs**, tick the box of the API labs-test and echo-api that you would like to onboard, and click **Fix**.
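
Review bot: The screenshot added under step 2 of Exercise 4 is an `<img>` tag with `alt="image"`, a fixed `width="940"` and a `github.com/user-attachments` URL, while the other figures in this hunk are repo-relative `![](../Images/...)` references. Commit the image under `../Images/` and reference it the same way, with alt text that describes the Recommendations search, so the lab does not depend on an externally hosted asset. Also confirm that `api7.png` and `api8.png` still match the reworded step.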

Expand Down Expand Up @@ -152,13 +153,11 @@ Next, you will explore other Defender for API recommendations.

![](../Images/api17.png?raw=true)

4. Expand **Manage access and permissions, Enable enhanced security features and Implement security best practices**, to see the API recommendations that belong to these controls.
4. Select the recommendation **API Management services should use a virtual network**.

<img width="947" alt="image" src="https://github.com/user-attachments/assets/8be5a15d-7fc3-4c37-bbd7-f79d436d2c18">


![](../Images/api18.png?raw=true)

5. Select the recommendation **API Management services should use a virtual network**.
6. Explore this recommendation by looking at what’s displayed, such as **Unhealthy resources**.
5. Explore this recommendation by looking at what’s displayed, such as **Unhealthy resources**.

![](../Images/api19.png?raw=true)
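
Review bot: The new step 4 tells the reader to select **API Management services should use a virtual network** but no longer says where to find it, because the instruction to expand the security controls was removed without a replacement. Add a locating instruction, as Exercise 4 step 2 now does with the search box, and replace the `alt="image"` `<img>` with a repo-relative `../Images/` reference like the neighbouring figures.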

Expand Down Expand Up @@ -227,52 +226,3 @@ After some time, Defender for APIs will trigger an alert with detailed informati
![](../Images/api28.png?raw=true)

Now you have successfully tested out Defender for API and triggered an alert.

### Exercise 7: EXPLORE THE DATA CLASSIFICATIONS COMING FROM MICROSOFT PURVIEW IN THE DEFENDER FOR API TILE
PREREQUISITE: Follow the [Microsoft Purview guidance](https://learn.microsoft.com/en-us/purview/sensitivity-insights) to enable sensitive data labels and data classifications for the API **API labs-test** in Microsoft Purview.

1. Navigate to the Microsoft Defender for Cloud’s **Workload Protections** pane (from the left-hand navigation bar).

![](../Images/api10.png?raw=true)

2. In the bottom part of the blade, under Advanced protection section, click the **API Security** tile at the bottom right.


![](../Images/api11.png?raw=true)

3. Select the **API labs-test**.


![](../Images/api12.png?raw=true)


4. Notice how the data sensitivity labels and data classification is now coming from what you enabled in Microsoft Purview.

![](../Images/purviewlabels.png?raw=true)


5. Select **GetSessions** endpoint name that you tested in Exercise 2 to see this endpoint’s **Resource Health** page.

![](../Images/api13.png?raw=true)

5. Explore the **Resource Health** page. Notice how the information available is the same as the information obtained from Microsoft Purview.

![](../Images/api14.png?raw=true)


## Exercise 8: Build query with Cloud Security Explorer
1. Open **Azure Portal** and navigate to **Microsoft Defender for Cloud** blade.
2. From Defender for Cloud's menu, open the **Cloud Security Explorer** page

![](../Images/apidcspm.png?raw=true)

3. Under Query templates, select a predefined query template **APIs communicating over unencrypted protocols with unauthenticated API endpoints** and click on **Open query**.

![](../Images/api29.png?raw=true)

4. Scroll to the top of the page, and hit **Search**.

![](../Images/api30.png?raw=true)

5. You will find the list of APIs that do not use TLS/SSL encryption, which are communicating with API endpoints that do not have any detected authentication.
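
Review bot: Exercises 7 and 8 are deleted in full, yet the header in the first hunk still reads `Estimated time to complete this lab: 120 minutes` and nothing in the visible changes adjusts the Objectives section. Update the time estimate and remove any objective that mentions Purview data classifications or Cloud Security Explorer. The PR description should also say why the exercises were dropped, since Exercise 8 was the only step shown here that walked readers through finding APIs served without TLS/SSL encryption or detected authentication.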