Microsoft Azure Compute
The purpose of this integration is to discover Virtual Machines running in Azure. It does not collect events or performance statistics.
Configuration
Setup in Azure
- Log in to the Azure Portal
- Create an Azure Active Directory application
  - Sign in to your Azure Account through the Azure portal.
  - Select Azure Active Directory.
  - Select App registrations.
  - Select New registration.
- Assign the application to a role:
  - Select Subscriptions on the Home page.
  - Select the subscription to assign your application to. This example uses Pay-As-You-Go; click Pay-As-You-Go to open it.
  - Copy the Subscription ID; it will be needed when defining the credential in FortiSIEM.
  - Select Access control (IAM).
  - Select Add role assignment.
  - Select the Owner role, select the app that you created, and then click Save.
- Get the values for the FortiSIEM credential
  - Select Azure Active Directory.
  - From App registrations in Azure AD, select your application.
  - Copy the Application (client) ID and Directory (tenant) ID; they will be needed when defining the credential in FortiSIEM.
  - Select Certificates & secrets to generate a secret key.
- Test
  - Command:
    /opt/phoenix/bin/getAzureResourceVM.py {subscriptionId} {tenantId} {clientId} {clientSecret}
  - Example:
    /opt/phoenix/bin/getAzureResourceVM.py 7327432-1a83-4e02-a928-9032489032898a 05c94b87-da0c-4e11-be1d-789234789432 068863e4-c2fa-48df-8f33-79823478932 'jh23hjkb324ugih32hujdsdsvqeP]]'
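The role assignment step above gives the application Owner on the whole subscription, a role that can manage every resource and assign roles to others, while this integration only discovers VMs. As an added example (not part of the original guide or FortiSIEM's own code), the Python script below reviews the JSON printed by `az role assignment list --all --assignee <client id> -o json` and flags assignments that go beyond read-only access. The sample JSON is constructed, and both the list of roles treated as privileged and whether a narrower role is enough for the discovery script are assumptions to verify in your environment.

```python
import json
import re

# Built-in roles that can modify resources or delegate access (assumed review list).
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}

# Constructed sample of the JSON output; IDs and names are placeholders.
SAMPLE = json.loads("""
[
  {"principalType": "ServicePrincipal", "roleDefinitionName": "Owner",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"},
  {"principalType": "ServicePrincipal", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg-demo"}
]
""")


def scope_level(scope):
    """Classify an ARM scope string by how much of the tenant it covers."""
    s = scope.rstrip("/").lower()
    if s == "":  # "/" is the root scope; a missing scope is treated the same (fail closed)
        return "root"
    if s.startswith("/providers/microsoft.management/managementgroups/"):
        return "management-group"
    if re.fullmatch(r"/subscriptions/[^/]+", s):
        return "subscription"
    if re.fullmatch(r"/subscriptions/[^/]+/resourcegroups/[^/]+", s):
        return "resource-group"
    return "resource"


def review(assignments):
    """Return one finding per assignment whose role exceeds read-only access."""
    findings = []
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        level = scope_level(a.get("scope", ""))
        if role in PRIVILEGED_ROLES:
            broad = level in ("root", "management-group", "subscription")
            findings.append({"role": role, "level": level,
                             "severity": "high" if broad else "medium"})
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE):
        print(f"{f['severity'].upper()}: {f['role']} at {f['level']} scope")
```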
Setup in FortiSIEM
- Create a new credential. Make sure to select Azure Resource SDK as the Access Protocol.
- Define a credential.
- Create a Discovery Definition.
- The CMDB should then be populated.