Wizard - Azure Cloud

This page provides a step-by-step guide on how to connect to Azure Cloud using the Azure Cloud security wizard in order to load subscriptions. The process involves providing connection details such as Tenant ID, Service Principal Name, Service Principal ID, and Service Principal Key. The user can then select a security mode, either Monitor or Monitor and Remediate, and set a scheduler to monitor the collection. Once the required details are provided and the scheduler is set, the user can click on the "Load Accounts" button to load the Azure subscriptions for which the user provided the details. The user can then select a subscription and finish the process, which involves creating connector, snapshot, and compliance configurations, running a crawler to fetch available resources from the cloud, and running the policy compliance on fetched resources. The compliance result can then be viewed in the Infra findings screen and the logs in the Log screen.

To connect to Azure Cloud, provide the required azure secret data to load the subscriptions.

Security Wizard Type

../img/wizard/azure/select_type.png)

  1. Select Name of the collection
  2. Select wizard type to Azure Cloud
  3. Click Next button for further steps

../img/wizard/azure/azure_load_accounts.png)

Provide Connection Details

  1. Tenant ID: Set tenant ID using Azure Active Directory
  2. Service Principal Name: Provide An Azure SPN is a security identity used by user-created applications, services, and automation tools to access specific Azure resources.
  3. Service Principal ID: Id of the Service Principal
  4. Service Principal Key: Secret key to access Service Principal

  5. User can create new service principal by following these steps

Security Mode

Select the security mode which will be applied to Azure Cloud compliance.

  1. Monitor:

    • Load the cloud resources,
    • Runs the compliance periodically.
    • Generates reports for it.
  2. Monitor and Remediate:

    • Load the cloud resources.
    • Runs the compliance periodically.
    • Generates reports for it.
    • It provides a remediation option to auto-fix the policy issues on the cloud.

Scheduler

  1. One time run: This will run the crawler and compliance once. it won't schedule it.
  2. Continuous Compliance: This option will set continuous monitoring of the collection. like once in two hours.

After providing the required details and selecting the Security Mode and Scheduler, click on the "Load Accounts" button.

  • It will load the Azure subscriptions for which the user provided the details.

../img/wizard/azure/select_account.png)

  • User can select a subscription and click on the Finish button.
  • It will do the following items:
  • Create Connector Configuration
  • Create Master Snapshot Configuration
  • Create Master Compliance Configuration
  • Run the Crawler to fetch available resources from the cloud.
  • Run the policy compliance on fetched resources.

../img/wizard/azure/finish_processing.png)

  • After some time, you can see the compliance result in the Infra findings screen and see the logs in the Log screen.