Vulnerability Data AI Enrichment - GO
Overview
This blog post is about exporting Defender for Cloud vulnerabilities and running them through OpenAI to enrich the data so we are able to get more out of it. A lot of times in the Defender for Cloud portal you can click on a recommendation and it will give the description and how to remediate. By running it through the OpenAI API we can provide better descriptions, remediation, and even get the potential impact of someone exploiting it. I will put a link to the GitHub at the bottom of this post.
I have been learning Golang (Go) because I want to learn a language where code can get compiled into binary and is a little faster to run than Python. Go seemed like a good option since a lot of …
Azure - P2S Azure VPN with Terraform
Architecture Overview
This is a blog post about setting up a Point-to-Site VPN inside Azure with a Hub and Spoke architecture. Let's have a quick overview of what we are trying to build here. First thing is we want a way for a user to be able to connect into our network securely with a VPN that they sign into with their Entra ID account. We want all traffic to pass through a firewall so we can create rules to whitelist connections. And lastly we need the user to be able to access multiple spokes from the VPN that is in the central Hub.
So let's look at a simple diagram that I created with Draw.io. I’m not exactly an artist but this diagram should be good enough for people to get a quick grasp of w…
Azure - Pulumi Infrastructure Part 5
Application Gateway and Network Security Groups
Basically everything is set up now. All I need to do now is create the application gateway and attach my SSL certificate to it so people can access the web app by going to cybauer.com. Once I get the application gateway set up I am going to set up network security groups for each subnet so I can lock down the network access to everything and make sure only approved connections are getting through.
Application Gateway
There are two ways to attach certificates to the application gateway. The first is to store the certificate in a key vault and give the application gateway a user assigned managed identity with a role that allows it to grab the cert. …