GA: Enhanced Kubernetes (K8s) Alert Documentation and Simulation Tool
November 2024 Update
Enhanced Kubernetes (K8s) Alert Documentation and Simulation Tool
Key features
- Scenario-based alert documentation: K8s alerts are now documented based on real-world scenarios, providing clearer guidance on potential threats and recommended actions.
- Microsoft Defender for Endpoint (MDE) integration: Alerts are enriched with additional context and threat intelligence from MDE, improving your ability to respond effectively.
- New Simulation Tool: A powerful simulation tool is available to test your security posture by simulating various attack scenarios and generating corresponding alerts.
Benefits
- Improved alert understanding: Scenario-based documentation provides a more intuitive understanding of K8s alerts.
- Enhanced threat response: Alerts are enriched with valuable context, enabling faster and more accurate responses.
- Proactive security testing: The new simulation tool allows you to test your security defenses and identify potential vulnerabilities before they are exploited.
Enhanced API security support for multi-regional Azure API Management deployments and managing API revisions
API security coverage within Defender for Cloud will now have full support for Azure API Management multi-region deployments, including full security posture and threat detection support for both primary and secondary regions.
Onboarding and offboarding APIs to Defender for APIs will now be managed at the Azure API Management API level. All associated Azure API Management revisions will automatically be included in the process, eliminating the need to manage onboarding and offboarding for each API revision individually.
This change will include a one-time rollout to existing Defender for APIs customers.
Rollout Details:
- The rollout will occur during the week of November 6 for existing Defender for APIs customers.
- If the 'current' revision for an Azure API Management API is already onboarded to Defender for APIs, all associated revisions for that API will also be automatically onboarded to Defender for APIs.
- If the 'current' revision for an Azure API Management API isn't onboarded to Defender for APIs, any associated API revisions that were onboarded to Defender for APIs will be offboarded.