Does anyone know if there exists any kind of fully worked example of a secure, fully monitored Linux VM?
I’m still trying to wrap my head around Azure Security Center/Azure Defender/Log Analytics Workspaces and the different agents. I may have completely misunderstood something, but what I think I’m looking for right now is something that includes:
- Create Log Analytics Workspace to my preferred naming convention
- Enable Azure Defender for Servers with Auto Provisioning of Log Analytics agent to above Workspace
- Collect logs from journald/syslog
- Enable vulnerability assessment (Qualys)
- Unattended updates
- Minimal NSG to allow the above to function
- Azure Firewall (optional-ish, very expensive for a small example)
- Anything else important I forgot…
When writing this out I start to wonder if I should perhaps disable the auto provisioning of the log agent and manage the extension manually. What are other people doing to create secure and monitored VMs with Terraform?
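
As an added example (not part of the original post), this Terraform configuration wires up the first two items in the list above: a named Log Analytics workspace, Azure Defender for Servers, and auto provisioning of the Log Analytics agent into that workspace. The resource names, region, retention period and provider version pin are assumptions; it assumes an azurerm provider release that still ships `azurerm_security_center_auto_provisioning`.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0" # assumed pin; pick the release you have tested
    }
  }
}

provider "azurerm" {
  features {}
}

# The Security Center settings below are subscription-wide, not per VM.
data "azurerm_subscription" "current" {}

resource "azurerm_resource_group" "monitoring" {
  name     = "rg-example-monitoring" # assumed naming convention
  location = "westeurope"            # assumed region
}

# Workspace named to your own convention instead of the auto-created default one.
resource "azurerm_log_analytics_workspace" "security" {
  name                = "log-example-security" # assumed name
  location            = azurerm_resource_group.monitoring.location
  resource_group_name = azurerm_resource_group.monitoring.name
  sku                 = "PerGB2018"
  retention_in_days   = 30 # assumed retention
}

# Azure Defender for Servers = Standard tier on the VirtualMachines resource type.
resource "azurerm_security_center_subscription_pricing" "servers" {
  tier          = "Standard"
  resource_type = "VirtualMachines"
}

# Point Security Center at the custom workspace; this needs the Standard tier first.
resource "azurerm_security_center_workspace" "security" {
  scope        = data.azurerm_subscription.current.id
  workspace_id = azurerm_log_analytics_workspace.security.id
  depends_on   = [azurerm_security_center_subscription_pricing.servers]
}

# Auto provisioning of the Log Analytics agent on VMs in the subscription.
# Set to "Off" if you would rather manage the agent extension per VM yourself.
resource "azurerm_security_center_auto_provisioning" "agent" {
  auto_provision = "On"
}
```

The pricing, workspace and auto provisioning resources apply to the whole subscription, so they belong in a shared configuration rather than in a per-VM module.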