Merge pull request #916 from dortwalner/patch-4
Update Module-13-Defender for APIs.md
vapasula authored Nov 13, 2024
2 parents 9026004 + 370eb32 commit f981f3d
Showing 1 changed file with 9 additions and 59 deletions.
68 changes: 9 additions & 59 deletions Labs/Modules/Module-13-Defender for APIs.md
Expand Up @@ -4,7 +4,7 @@

#### 🎓 Level: 300 (Advanced)
#### ⌛ Estimated time to complete this lab: 120 minutes
#### 💁 Author: Liana Anca Tomescu
#### 💁 Author: Walner Dort


## Objectives
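
Review bot: The author line in the lab header is replaced rather than extended, so the credit for `Liana Anca Tomescu` disappears from the module. If the goal is to record a new maintainer, keep both names (one `Author:` line listing both, or a separate contributor line) and say so in the commit message, which currently reads only "Update Module-13-Defender for APIs.md".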
Expand Down Expand Up @@ -87,14 +87,15 @@ Note: It will take up to 45 minutes for the API you just created to appear in De
4. Under Cloud Workload protections, ensure that the APIs plan is switched **On**.


![](../Images/api7new.png?raw=true)
![](../Images/api7.png?raw=true)

### Exercise 4: ONBOARD APIS TO DEFENDER FOR APIS
Next, you will onboard that API to be protected by Defender for API.
1. Navigate to the **Recommendations** pane in Microsoft Defender for Cloud
2. Under the category “Enable enhanced security features” select the recommendation **Azure API Management APIs should be onboarded to Defender for APIs**.
2. Type "Defender for APIs" within the search box and select the recommendation **Azure API Management APIs should be onboarded to Defender for APIs**.

<img width="940" alt="image" src="https://github.com/user-attachments/assets/f3399538-9ef1-4770-ad18-88b9b2ce19ab">

![](../Images/api8.png?raw=true)

3. In the recommendation **Azure API Management APIs should be onboarded to Defender for APIs**, tick the box of the API labs-test and echo-api that you would like to onboard, and click **Fix**.
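
Review bot: The `<img>` added under step 2 of Exercise 4 loads from `https://github.com/user-attachments/assets/...` with `alt="image"`, while every other screenshot in this file uses a relative `../Images/*.png` path. An externally hosted asset is not versioned with the lab and can change or disappear independently of the repository, so commit the screenshot under `../Images/` and give it descriptive alt text. Because `api8.png` is kept directly below it, also confirm the two images do not illustrate the same step, and that the changed reference from `api7new.png` to `api7.png` points at a file that exists.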

Expand Down Expand Up @@ -152,13 +153,11 @@ Next, you will explore other Defender for API recommendations.

![](../Images/api17.png?raw=true)

4. Expand **Manage access and permissions, Enable enhanced security features and Implement security best practices**, to see the API recommendations that belong to these controls.
4. Select the recommendation **API Management services should use a virtual network**.

<img width="947" alt="image" src="https://github.com/user-attachments/assets/8be5a15d-7fc3-4c37-bbd7-f79d436d2c18">


![](../Images/api18.png?raw=true)

5. Select the recommendation **API Management services should use a virtual network**.
6. Explore this recommendation by looking at what’s displayed, such as **Unhealthy resources**.
5. Explore this recommendation by looking at what’s displayed, such as **Unhealthy resources**.

![](../Images/api19.png?raw=true)
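
Review bot: `api18.png` stays in place after step 4 of this exercise, but the step it followed ("Expand **Manage access and permissions, Enable enhanced security features and Implement security best practices**") is removed, so the screenshot may no longer match the instructions. Drop it or replace it with one that matches the new "Select the recommendation" step. The added `<img>` repeats the pattern from Exercise 4: an externally hosted `user-attachments` URL and `alt="image"` instead of a file under `../Images/` with descriptive alt text.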

Expand Down Expand Up @@ -227,52 +226,3 @@ After some time, Defender for APIs will trigger an alert with detailed informati
![](../Images/api28.png?raw=true)

Now you have successfully tested out Defender for API and triggered an alert.

### Exercise 7: EXPLORE THE DATA CLASSIFICATIONS COMING FROM MICROSOFT PURVIEW IN THE DEFENDER FOR API TILE
PREREQUISITE: Follow the [Microsoft Purview guidance](https://learn.microsoft.com/en-us/purview/sensitivity-insights) to enable sensitive data labels and data classifications for the API **API labs-test** in Microsoft Purview.

1. Navigate to the Microsoft Defender for Cloud’s **Workload Protections** pane (from the left-hand navigation bar).

![](../Images/api10.png?raw=true)

2. In the bottom part of the blade, under Advanced protection section, click the **API Security** tile at the bottom right.


![](../Images/api11.png?raw=true)

3. Select the **API labs-test**.


![](../Images/api12.png?raw=true)


4. Notice how the data sensitivity labels and data classification is now coming from what you enabled in Microsoft Purview.

![](../Images/purviewlabels.png?raw=true)


5. Select **GetSessions** endpoint name that you tested in Exercise 2 to see this endpoint’s **Resource Health** page.

![](../Images/api13.png?raw=true)

5. Explore the **Resource Health** page. Notice how the information available is the same as the information obtained from Microsoft Purview.

![](../Images/api14.png?raw=true)


## Exercise 8: Build query with Cloud Security Explorer
1. Open **Azure Portal** and navigate to **Microsoft Defender for Cloud** blade.
2. From Defender for Cloud's menu, open the **Cloud Security Explorer** page

![](../Images/apidcspm.png?raw=true)

3. Under Query templates, select a predefined query template **APIs communicating over unencrypted protocols with unauthenticated API endpoints** and click on **Open query**.

![](../Images/api29.png?raw=true)

4. Scroll to the top of the page, and hit **Search**.

![](../Images/api30.png?raw=true)

5. You will find the list of APIs that do not use TLS/SSL encryption, which are communicating with API endpoints that do not have any detected authentication.
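
Review bot: Exercises 7 and 8 (the Microsoft Purview data classification walkthrough and the Cloud Security Explorer query) are deleted in full, but the commit message gives no reason and the header still states "Estimated time to complete this lab: 120 minutes". State in the commit or PR description why these exercises are removed, and update the estimated time and the Objectives section if they still account for them.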
