Automated Vulnerability Management
Introduction
I architected and implemented an automated vulnerability management solution leveraging Microsoft Defender, Logic Apps, and Azure Function Apps. The system proactively detects vulnerabilities, notifies resource owners, tracks remediation, and enforces compliance by removing non-compliant resources after multiple reminders—streamlining security operations and reducing manual effort.
Project Description
Detection & Notification
When Microsoft Defender identifies a vulnerability, a Logic App is triggered. It uses a Function App to extract resource owner and co-owner details from resource tags, then sends notification emails via Outlook integration.
Tracking & Remediation
Resource details and email notification counts are logged in an Azure Storage Table. A second Logic App checks for unresolved vulnerabilities weekly, sending reminders with a Standard Operating Procedure (SOP) for remediation and updating the notification count.
Enforcement
If a vulnerability persists after three reminders, the Logic App automatically removes the offending Azure Container Registry (ACR) image, ensuring compliance and reducing risk.
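The owner lookup from resource tags and the three-reminder escalation described above, written out as an added Python example; it is not the project's own Function App or Logic App code. The tag names, tracking-row fields and action names are assumptions, and the actual Azure calls (sending the mail, writing the Storage Table row, deleting the ACR image) are left to the caller.

```python
from __future__ import annotations
from dataclasses import dataclass, replace

# Assumed tag names: the page only says owner and co-owner come from resource tags.
OWNER_TAG, CO_OWNER_TAG = "owner", "co-owner"
MAX_REMINDERS = 3  # page: the image is removed once three reminders have gone unanswered


def extract_recipients(tags: dict[str, str] | None) -> list[str]:
    """Owner and co-owner addresses from resource tags, keys matched case-insensitively.
    A missing co-owner is tolerated; a missing owner raises so the alert cannot
    silently go nowhere (the Logic App can route that case to the security team)."""
    lowered = {k.lower(): v.strip() for k, v in (tags or {}).items() if v and v.strip()}
    owner = lowered.get(OWNER_TAG)
    if not owner:
        raise ValueError("resource has no owner tag")
    recipients = [owner]
    co_owner = lowered.get(CO_OWNER_TAG)
    if co_owner and co_owner.lower() != owner.lower():
        recipients.append(co_owner)  # skip a co-owner that duplicates the owner
    return recipients


@dataclass(frozen=True)
class TrackingRecord:
    """One row of the tracking table: the finding and how many reminders were sent."""
    resource_id: str
    vulnerability_id: str
    reminders_sent: int = 0  # the first detection e-mail is not counted as a reminder
    resolved: bool = False


def next_action(record: TrackingRecord) -> tuple[str, TrackingRecord]:
    """What one weekly run should do for a record, plus the row to write back."""
    if record.resolved:
        return "close", record
    if record.reminders_sent >= MAX_REMINDERS:
        return "remove_image", record  # three reminders ignored: enforce
    return "remind", replace(record, reminders_sent=record.reminders_sent + 1)


def simulate_weekly_runs(record: TrackingRecord, weeks: int) -> list[str]:
    """Replay the weekly run over an unresolved finding and list the actions taken."""
    actions: list[str] = []
    for _ in range(weeks):
        action, record = next_action(record)
        actions.append(action)
        if action != "remind":
            break
    return actions
```

Keeping the decision in a pure function lets the escalation rule be unit-tested without an Azure subscription and makes the "remove" branch auditable before it ever runs against a real registry.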
Key Components & Technologies
Project Challenges & Solutions
Problem: Delays in alerting resource owners about new vulnerabilities
Solution:
- Automated detection and email notifications via Logic Apps and Function Apps
Result: 95% reduction in notification time
Problem: Lack of visibility and follow-up on unresolved vulnerabilities
Solution:
- Centralized tracking in Azure Storage Tables
- Automated weekly reminders with SOPs
Result: 80% increase in timely vulnerability remediation
Problem: Persistent vulnerabilities despite repeated notifications
Solution:
- Automated enforcement by removing non-compliant ACR images after three reminders
Result: 100% compliance for critical vulnerabilities