Crash Dump Analysis in Azure Security Center
For five years I worked at Microsoft CSS Security as Support Escalation Engineer, back in the ISA/TMG days and part of my job during that time was to analyze memory dump files (here an old example of those ISA days - good times). There were many scenarios where analyzing a dump file was the only way to understand the root cause of an issue. Nowadays, with the proliferation of malware, dump analysis can also assist you to identify suspicious activities caused by a piece of malware. One of the capabilities available in Azure Security Center is to automatically analyze crash dump files created in the virtual machines monitored by Azure Security Center. I talked briefly about this capability in my interview for Taste of Premier (Channel9) released today, you can watch it here.
When a crash dump occurs, Azure Security Center will analyze this dump and if it finds a suspicious activity it will trigger an alert. Today we updated the Managing and responding to security alerts in Azure Security Center article to include some of these alerts. We also updated the Detection Capabilities article to include more details on how Azure Security Center works behind the scene by leveraging Microsoft security intelligence. Last but not least, we just released a new MVA about Azure Security Center, recorded by three Azure Security Center PMs and with lots of information about this service.
Stay safe!