Microsoft Azure Compute
The purpose of this integration is to discover Virtual Machines (VMs) running in Azure. It does not collect events or performance statistics. Many Azure-specific reports rely on properly categorizing which VMs exist in Azure Cloud. For each instance in Azure whose logs you would like to ingest and monitor, follow the appropriate integration guide.
Configuration
Setup in Azure
- Log in to the Azure Portal.
- Create an Azure Active Directory application:
  - Sign in to your Azure Account through the Azure portal.
  - Select Azure Active Directory.
  - Select App registrations.
  - Select New registration.
- Assign the application to a role:
  - Select Subscriptions on the Home page.
  - Select the particular subscription to assign your application to. This guide uses Pay-As-You-Go as the example; click Pay-As-You-Go to open it.
  - Copy the Subscription ID; it will be needed when defining the credential in FortiSIEM.
  - Select Access control (IAM).
  - Select Add role assignment.
  - Select Owner as the role to assign, select the app that you created, and then click Save.
- Get the values for the FortiSIEM credential:
  - Select Azure Active Directory.
  - From App registrations in Azure AD, select your application.
  - Copy the Application (client) ID and Directory (tenant) ID; they will be needed when defining the credential in FortiSIEM.
  - Select Certificates & secrets to generate a secret key.
- Test:
  - Command:
    /opt/phoenix/bin/getAzureResourceVM.py {subscriptionId} {tenantId} {clientId} {client secret}
  - Example:
    /opt/phoenix/bin/getAzureResourceVM.py 7327432-1a83-4e02-a928-9032489032898a 05c94b87-da0c-4e11-be1d-789234789432 068863e4-c2fa-48df-8f33-79823478932 jh23hjkb324ugih32hujdsdsvqeP]]'
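The sketch below is an added example, not FortiSIEM's getAzureResourceVM.py or any Fortinet code. It shows how the four values collected above fit Azure's public client-credentials token endpoint and the Resource Manager VM list call, and how a missing role assignment appears in the response. Function names, the API version default and the sample data are assumptions constructed for illustration; nothing here contacts the network.

```python
import json
import re
from urllib.parse import urlencode

# Azure subscription, tenant and client IDs are GUIDs in 8-4-4-4-12 hex form.
GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)

def malformed_ids(subscription_id, tenant_id, client_id):
    """Return the names of the IDs that are not well-formed GUIDs."""
    given = {"subscriptionId": subscription_id, "tenantId": tenant_id,
             "clientId": client_id}
    return [name for name, value in given.items() if not GUID.fullmatch(value)]

def token_request(tenant_id, client_id, client_secret):
    """Build (URL, form body) for the OAuth2 client-credentials token request."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://management.azure.com/.default",
    })
    return url, body

def vm_list_url(subscription_id, api_version="2023-03-01"):
    """URL of the Resource Manager call that lists all VMs in the subscription."""
    return (f"https://management.azure.com/subscriptions/{subscription_id}"
            f"/providers/Microsoft.Compute/virtualMachines?api-version={api_version}")

def parse_vm_page(text):
    """Return ([(name, location, vmSize)], nextLink or None) for one response page."""
    doc = json.loads(text)
    if "error" in doc:  # e.g. AuthorizationFailed when the app has no role assigned
        err = doc["error"]
        raise PermissionError(f"{err.get('code')}: {err.get('message')}")
    vms = [(vm["name"], vm["location"],
            vm.get("properties", {}).get("hardwareProfile", {}).get("vmSize"))
           for vm in doc.get("value", [])]
    return vms, doc.get("nextLink")

# Constructed sample responses (not real tenant data or captured API output).
SAMPLE_PAGE = json.dumps({"value": [{
    "name": "web-01", "location": "eastus",
    "properties": {"hardwareProfile": {"vmSize": "Standard_B2s"}}}]})
SAMPLE_DENIED = json.dumps({"error": {
    "code": "AuthorizationFailed", "message": "constructed sample message"}})

if __name__ == "__main__":
    print(parse_vm_page(SAMPLE_PAGE))
```
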
Setup in FortiSIEM
Follow these steps in the FortiSIEM UI:
- Create a new credential. Make sure to select Azure Resource SDK as the Access Protocol.
- Define a credential.
- Create a Discovery Definition.
- The CMDB should then be populated.