Azure Compute v1.1.0

About the connector

Azure compute services are the hosting services responsible for hosting and running the application workloads. These include Azure Virtual Machines (VMs), Azure Container Service, Azure App Services, Azure Batch, and Azure ServiceFabric.

This document provides information about the Azure Compute Connector, which facilitates automated interactions with an Azure Compute server using FortiSOAR™ playbooks. Add the Azure Compute Connector as a step in FortiSOAR™ playbooks and perform automated operations such as creating an instance, starting an instance, or retrieving a list of all instances.

Version information

Connector Version: 1.1.0

FortiSOAR™ Version Tested on: 7.2.0-914

Authored By: Fortinet

Certified: Yes

Release Notes for version 1.1.0

The following enhancements and bug fixes have been made to the Azure Compute Connector in version 1.1.0:

  • Certified this version of the connector.
  • Fixed an issue with the "Create an Instance" action that was failing with the "ResourceNotFound" error.

Getting Access Tokens

You can get authentication tokens to access the Azure Compute APIs using two methods:

  • On behalf of the User – Delegated Permission.
  • Without a User - Application Permission.

For more information, see https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview.

Getting Access Tokens using the On behalf of the user – Delegated Permission method

  1. Ensure that the required permissions are granted for the registration of the application.
    For more information, see https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles?toc=/azure/virtual-network/toc.json#network-contributor.
    For example, for an Azure Subscriptions User, the API/Permission names that should be granted are:
    • Microsoft.Authorization/*/read
    • Microsoft.ClassicCompute/domainNames/*
    • Microsoft.ClassicCompute/virtualMachines/*
    • Microsoft.ClassicNetwork/networkSecurityGroups/join/action
    • Microsoft.ClassicNetwork/reservedIps/link/action
    • Microsoft.ClassicNetwork/reservedIps/read
    • Microsoft.ClassicNetwork/virtualNetworks/join/action
    • Microsoft.ClassicNetwork/virtualNetworks/read
    • Microsoft.ClassicStorage/storageAccounts/disks/read
    • Microsoft.ClassicStorage/storageAccounts/images/read
    • Microsoft.ClassicStorage/storageAccounts/listKeys/action
    • Microsoft.ClassicStorage/storageAccounts/read
    • Microsoft.Insights/alertRules/*
    • Microsoft.ResourceHealth/availabilityStatuses/read
    • Microsoft.Resources/deployments/*
    • Microsoft.Resources/subscriptions/resourceGroups/read
    • and Microsoft.Support/* of type 'Delegate'.
  2. The Redirect URL can be directed to any web application in which you want to receive responses from Azure Compute. If you are unsure about what to set as a redirect URL, you can use https://localhost/myapp.
  3. Copy the following URL and replace the TENANT_ID, CLIENT_ID, and REDIRECT_URI with your own tenant ID, client ID, and redirect URL: https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize?response_type=code&scope=offline_access&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI
  4. Enter the above link with the replaced values and you will be prompted to grant permissions for your Azure Service Management. You will be automatically redirected to a link with the following structure: REDIRECT_URI?code=AUTH_CODE&session_state=SESSION_STATE
  5. Copy the AUTH_CODE (without the "code=" prefix) and paste it into your instance configuration in the 'Authorization Code' parameter.
  6. Enter your client ID in the 'Application (client) ID' parameter field.
  7. Enter your client secret in the 'Application (client) Secret' parameter field.
  8. Enter your tenant ID in the 'Directory (tenant) ID' parameter field.
  9. Enter your redirect URL in the 'Redirect URL' parameter field. By default, it is set to https://localhost/myapp.
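
Steps 3 to 5 above, as an added example that is not part of the connector or of Fortinet's documentation: it fills in the authorization URL with every value percent-encoded, then pulls AUTH_CODE out of the redirected link while rejecting error responses and redirects that do not match the registered redirect URL. The function names and all sample IDs and codes are constructed for illustration.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com"


class AuthorizationError(ValueError):
    """Raised when the redirected link does not carry a usable code."""


def build_authorize_url(tenant_id, client_id, redirect_uri, scope="offline_access"):
    """Return the step 3 URL with TENANT_ID, CLIENT_ID and REDIRECT_URI filled in."""
    query = urlencode(
        {
            "response_type": "code",
            "scope": scope,
            "client_id": client_id,
            "redirect_uri": redirect_uri,
        },
        quote_via=quote,  # spaces become %20, and '/' and ':' are encoded too
    )
    return f"{AUTHORITY}/{quote(tenant_id, safe='')}/oauth2/v2.0/authorize?{query}"


def extract_auth_code(redirected_url, expected_redirect_uri):
    """Return AUTH_CODE (without the 'code=' prefix) from the step 4 redirect."""
    got = urlsplit(redirected_url.strip())
    want = urlsplit(expected_redirect_uri)
    # The browser must have landed on the redirect URL that was registered.
    if (got.scheme, got.netloc.lower(), got.path) != (
        want.scheme,
        want.netloc.lower(),
        want.path,
    ):
        raise AuthorizationError("redirect does not match the registered redirect URL")

    params = parse_qs(got.query, keep_blank_values=True)
    # A refused or failed consent comes back as error/error_description, not code.
    if "error" in params:
        description = params.get("error_description", [""])[0]
        raise AuthorizationError(f"{params['error'][0]}: {description}")

    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise AuthorizationError("expected exactly one non-empty 'code' parameter")
    return codes[0]


# Constructed sample values, not real identifiers or codes.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_REDIRECT_URI = "https://localhost/myapp"
SAMPLE_REDIRECTED = (
    "https://localhost/myapp?code=CONSTRUCTED.code-123_abc"
    "&session_state=constructed-session"
)

if __name__ == "__main__":
    print(build_authorize_url(SAMPLE_TENANT, SAMPLE_CLIENT, SAMPLE_REDIRECT_URI))
    code = extract_auth_code(SAMPLE_REDIRECTED, SAMPLE_REDIRECT_URI)
    # The code is a credential: show its length rather than its value.
    print(f"authorization code extracted ({len(code)} characters)")
```

The value returned by `extract_auth_code` is what goes into the 'Authorization Code' parameter; treat it like a secret and keep it out of tickets and chat logs.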

Getting Access Tokens using the Without a User - Application Permission method

  1. Ensure that the required permissions are granted for the registration of the application.
    For more information, see https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles?toc=/azure/virtual-network/toc.json#network-contributor.
    For example, for an Azure Subscriptions Application User, the API/Permission names that should be granted are:
    • Microsoft.Authorization/*/read
    • Microsoft.ClassicCompute/domainNames/*
    • Microsoft.ClassicCompute/virtualMachines/*
    • Microsoft.ClassicNetwork/networkSecurityGroups/join/action
    • Microsoft.ClassicNetwork/reservedIps/link/action
    • Microsoft.ClassicNetwork/reservedIps/read
    • Microsoft.ClassicNetwork/virtualNetworks/join/action
    • Microsoft.ClassicNetwork/virtualNetworks/read
    • Microsoft.ClassicStorage/storageAccounts/disks/read
    • Microsoft.ClassicStorage/storageAccounts/images/read
    • Microsoft.ClassicStorage/storageAccounts/listKeys/action
    • Microsoft.ClassicStorage/storageAccounts/read
    • Microsoft.Insights/alertRules/*
    • Microsoft.ResourceHealth/availabilityStatuses/read
    • Microsoft.Resources/deployments/*
    • Microsoft.Resources/subscriptions/resourceGroups/read
    • and Microsoft.Support/* of type 'Application'.
  2. Enter your client ID in the 'Application (client) ID' parameter field.
  3. Enter your client secret in the 'Application (client) Secret' parameter field.
  4. Enter your tenant ID in the 'Directory (tenant) ID' parameter field.

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-azure-compute

Prerequisites to configuring the connector

  • You must have acquired authentication tokens to access the Azure Compute APIs using 'Delegated' or 'Application' Permissions. For more information, see the Getting Access Tokens section.
  • Ensure that host login.microsoftonline.com on port 443 is in the allowlist of your Firewall or Proxy servers.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Azure Compute connector card. On the connector popup, click the Configurations tab to enter the required configuration details.

Parameter Description
Get Access Token Select the method using which you will get authentication tokens used to access the security graph APIs. You can choose between On behalf of User – Delegated Permission or Without a User - Application Permission. For more information, see the Getting Access Tokens section.
If you choose 'Without a User - Application Permission'
  • Server URL: The service-based URL to which you will connect and perform the automated operations.
  • Directory (Tenant) ID: ID of the tenant that you have been provided for your Azure Active Directory instance.
  • Application (Client) ID: Unique ID of the Azure Active Directory application that is used to create an authentication token required to access the API.
  • Application (Client) Secret: Unique Client Secret of the Azure Active Directory application that is used to create an authentication token required to access the API. For information on how to get the secret key, see https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.
If you choose 'On behalf of User - Delegated Permission'
  • Server URL: The service-based URL to which you will connect and perform the automated operations.
  • Directory (Tenant) ID: ID of the tenant that you have been provided for your Azure Active Directory instance.
  • Application (Client) ID: Unique ID of the Azure Active Directory application that is used to create an authentication token required to access the API.
  • Application (Client) Secret: Unique Client Secret of the Azure Active Directory application that is used to create an authentication token required to access the API. For information on how to get the secret key, see https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.
  • Authorization Code: (Only Applicable to On behalf of User – Delegated Permission) The authorization code that you acquired during the authorization step. For more information, see the Getting Access Tokens using the Delegated Permissions method section.
  • Redirect URI: (Only Applicable to On behalf of User – Delegated Permission) The redirect_url of your app, where authentication responses can be sent and received by your app. The redirect URL that you specify here must exactly match one of the redirect URLs you have registered in your app registration portal.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations:

| Function | Description | Annotation | Category |
| --- | --- | --- | --- |
| Create an Instance | Creates an instance in the specified resource group based on the input parameters you have specified, such as the subscription ID, name of the resource group, and location of the instance. | create_instance | Investigation |
| List Instances | Retrieves a list of all instances (VMs) based on the subscription ID and resource group you have specified. | list_of_instances | Investigation |
| Get Instance Info | Retrieves all the details of the specified instance from the specified resource group based on the subscription ID, name of the resource group, and name of the VM you have specified. | get_instance_info | Investigation |
| Start an Instance | Starts the specified instance based on the subscription ID, name of the resource group, and name of the VM you have specified. | start_instance | Investigation |
| Stop an Instance | Stops the specified instance based on the subscription ID, name of the resource group, and name of the VM you have specified. | stop_instance | Investigation |
| Restart an Instance | Restarts the specified instance based on the subscription ID, name of the resource group, and name of the VM you have specified. | restart_instance | Investigation |
| Delete an Instance | Deletes the specified instance in the specified resource group based on the subscription ID, name of the resource group, and name of the VM you have specified. | delete_instance | Investigation |

operation: Create an Instance

Input parameters

| Parameter | Description |
| --- | --- |
| Subscription ID | Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named "list_of_subscriptions" to dynamically populate the Subscription ID's drop-down selections. |
| Resource Group Name | Select the name of the resource group in which you want to create the instance. This parameter makes an API call named "list_of_resource_groups" to dynamically populate the Resource Group Name's drop-down selections. |
| Virtual Machine Name | Specify the name of the virtual machine that you want to create. |
| Location | Select the region or location of the instance that you want to create. This parameter makes an API call named "list_of_locations" to dynamically populate the Location's drop-down selections. |
| VM Size | Select the size of the instance that you want to create. This parameter makes an API call named "list_of_vm_size" to dynamically populate the VM Size's drop-down selections. |
| Network Security Group Name | Select the network security group name of the instance you want to create. This parameter makes an API call named "list_of_nic" to dynamically populate the Network Security Group Name's drop-down selections. |
| Username | Specify the username for the instance you want to create. |
| Password | Specify the password for the instance you want to create. |
| OS Image Type | Select the type of image for the instance you want to create. You can choose between Custom or Marketplace. |

If you choose 'Custom', then from the VM OS image drop-down list select the OS image for the instance you want to create.
If you choose 'Marketplace', then you can specify the following parameters:
  • VM OS Image Publisher: Select the OS image publisher for the instance you want to create.
  • VM OS Image Offer: Select the OS image offer for the instance you want to create.
  • VM OS Image SKU: Select the OS image SKU for the instance you want to create.
  • VM OS Image Versions: Select the OS image versions for the instance you want to create.

Output

The output contains the following populated JSON schema:
{
  "name": "",
  "id": "",
  "type": "",
  "location": "",
  "properties": {
    "vmId": "",
    "hardwareProfile": {
      "vmSize": ""
    },
    "storageProfile": {
      "imageReference": {
        "publisher": "",
        "offer": "",
        "sku": "",
        "version": "",
        "exactVersion": ""
      },
      "osDisk": {
        "osType": "",
        "name": "",
        "createOption": "",
        "caching": "",
        "managedDisk": {
          "storageAccountType": "",
          "id": ""
        },
        "deleteOption": "",
        "diskSizeGB": ""
      },
      "dataDisks": []
    },
    "osProfile": {
      "computerName": "",
      "adminUsername": "",
      "linuxConfiguration": {
        "disablePasswordAuthentication": "",
        "provisionVMAgent": "",
        "patchSettings": {
          "patchMode": "",
          "assessmentMode": ""
        }
      },
      "secrets": [],
      "allowExtensionOperations": "",
      "requireGuestProvisionSignal": ""
    },
    "networkProfile": {
      "networkInterfaces": [
        {
          "id": "",
          "properties": {
            "deleteOption": ""
          }
        }
      ]
    },
    "diagnosticsProfile": {
      "bootDiagnostics": {
        "enabled": ""
      }
    },
    "provisioningState": "",
    "timeCreated": ""
  }
}

operation: List Instances

Input parameters

| Parameter | Description |
| --- | --- |
| Subscription ID | Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named "list_of_subscriptions" to dynamically populate the Subscription ID's drop-down selections. |
| Resource Group Name | Select the name of the resource group from which you want to retrieve a list of all instances (VMs). This parameter makes an API call named "list_of_resource_groups" to dynamically populate the Resource Group Name's drop-down selections. |

Output

The output contains the following populated JSON schema:
{
  "name": "",
  "id": "",
  "type": "",
  "location": "",
  "properties": {
    "vmId": "",
    "hardwareProfile": {
      "vmSize": ""
    },
    "storageProfile": {
      "imageReference": {
        "publisher": "",
        "offer": "",
        "sku": "",
        "version": "",
        "exactVersion": ""
      },
      "osDisk": {
        "osType": "",
        "name": "",
        "createOption": "",
        "caching": "",
        "managedDisk": {
          "storageAccountType": "",
          "id": ""
        },
        "deleteOption": "",
        "diskSizeGB": ""
      },
      "dataDisks": []
    },
    "osProfile": {
      "computerName": "",
      "adminUsername": "",
      "linuxConfiguration": {
        "disablePasswordAuthentication": "",
        "provisionVMAgent": "",
        "patchSettings": {
          "patchMode": "",
          "assessmentMode": ""
        }
      },
      "secrets": [],
      "allowExtensionOperations": "",
      "requireGuestProvisionSignal": ""
    },
    "networkProfile": {
      "networkInterfaces": [
        {
          "id": "",
          "properties": {
            "deleteOption": ""
          }
        }
      ]
    },
    "diagnosticsProfile": {
      "bootDiagnostics": {
        "enabled": ""
      }
    },
    "provisioningState": "",
    "timeCreated": ""
  }
}

operation: Get Instance Info

Input parameters

| Parameter | Description |
| --- | --- |
| Subscription ID | Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named "list_of_subscriptions" to dynamically populate the Subscription ID's drop-down selections. |
| Resource Group Name | Select the name of the resource group from which you want to retrieve the details of the specified instance (VM). This parameter makes an API call named "list_of_resource_groups" to dynamically populate the Resource Group Name's drop-down selections. |
| Virtual Machine Name | Select the name of the virtual machine whose details you want to retrieve. This parameter makes an API call named "list_of_instances_only_names" to dynamically populate the Virtual Machine Name's drop-down selections. |

Output

The output contains the following populated JSON schema:
{
  "name": "",
  "id": "",
  "type": "",
  "location": "",
  "properties": {
    "vmId": "",
    "hardwareProfile": {
      "vmSize": ""
    },
    "storageProfile": {
      "imageReference": {
        "publisher": "",
        "offer": "",
        "sku": "",
        "version": "",
        "exactVersion": ""
      },
      "osDisk": {
        "osType": "",
        "name": "",
        "createOption": "",
        "caching": "",
        "managedDisk": {
          "storageAccountType": "",
          "id": ""
        },
        "deleteOption": "",
        "diskSizeGB": ""
      },
      "dataDisks": []
    },
    "osProfile": {
      "computerName": "",
      "adminUsername": "",
      "linuxConfiguration": {
        "disablePasswordAuthentication": "",
        "provisionVMAgent": "",
        "patchSettings": {
          "patchMode": "",
          "assessmentMode": ""
        }
      },
      "secrets": [],
      "allowExtensionOperations": "",
      "requireGuestProvisionSignal": ""
    },
    "networkProfile": {
      "networkInterfaces": [
        {
          "id": "",
          "properties": {
            "deleteOption": ""
          }
        }
      ]
    },
    "diagnosticsProfile": {
      "bootDiagnostics": {
        "enabled": ""
      }
    },
    "provisioningState": "",
    "timeCreated": ""
  }
}

operation: Start an Instance

Input parameters

| Parameter | Description |
| --- | --- |
| Subscription ID | Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named "list_of_subscriptions" to dynamically populate the Subscription ID's drop-down selections. |
| Resource Group Name | Select the name of the resource group that contains the instance (VM) that you want to start. This parameter makes an API call named "list_of_resource_groups" to dynamically populate the Resource Group Name's drop-down selections. |
| Virtual Machine Name | Select the name of the virtual machine that you want to start. This parameter makes an API call named "list_of_instances_only_names" to dynamically populate the Virtual Machine Name's drop-down selections. |

Output

The output contains the following populated JSON schema:
{
  "result": ""
}

operation: Stop an Instance

Input parameters

| Parameter | Description |
| --- | --- |
| Subscription ID | Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named "list_of_subscriptions" to dynamically populate the Subscription ID's drop-down selections. |
| Resource Group Name | Select the name of the resource group that contains the instance (VM) that you want to stop. This parameter makes an API call named "list_of_resource_groups" to dynamically populate the Resource Group Name's drop-down selections. |
| Virtual Machine Name | Select the name of the virtual machine that you want to stop. This parameter makes an API call named "list_of_instances_only_names" to dynamically populate the Virtual Machine Name's drop-down selections. |

Output

The output contains the following populated JSON schema:
{
  "result": ""
}

operation: Restart an Instance

Input parameters

| Parameter | Description |
| --- | --- |
| Subscription ID | Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named "list_of_subscriptions" to dynamically populate the Subscription ID's drop-down selections. |
| Resource Group Name | Select the name of the resource group that contains the instance (VM) that you want to restart. This parameter makes an API call named "list_of_resource_groups" to dynamically populate the Resource Group Name's drop-down selections. |
| Virtual Machine Name | Select the name of the virtual machine that you want to restart. This parameter makes an API call named "list_of_instances_only_names" to dynamically populate the Virtual Machine Name's drop-down selections. |

Output

The output contains the following populated JSON schema:
{
  "result": ""
}

operation: Delete an Instance

Input parameters

| Parameter | Description |
| --- | --- |
| Subscription ID | Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named "list_of_subscriptions" to dynamically populate the Subscription ID's drop-down selections. |
| Resource Group Name | Select the name of the resource group that contains the instance (VM) that you want to delete. This parameter makes an API call named "list_of_resource_groups" to dynamically populate the Resource Group Name's drop-down selections. |
| Virtual Machine Name | Select the name of the virtual machine that you want to delete. This parameter makes an API call named "list_of_instances_only_names" to dynamically populate the Virtual Machine Name's drop-down selections. |

Output

The output contains the following populated JSON schema:
{
  "result": ""
}

Included playbooks

The Sample - Azure Compute - 1.1.0 playbook collection comes bundled with the Azure Compute connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Azure Compute connector.

  • Create an Instance
  • Delete an Instance
  • Get Instance Info
  • List Instances
  • Restart an Instance
  • Start an Instance
  • Stop an Instance

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection is deleted when the connector is upgraded or deleted.

Previous
Next

Azure Compute v1.1.0

About the connector

Azure compute services are the hosting services responsible for hosting and running the application workloads. These include Azure Virtual Machines (VMs), Azure Container Service, Azure App Services, Azure Batch, and Azure ServiceFabric.

This document provides information about the Azure Compute Connector, which facilitates automated interactions, with an Azure Compute server using FortiSOAR™ playbooks. Add the Azure Compute Connector as a step in FortiSOAR™ playbooks and perform automated operations such as creating an instance, starting an instance, or retrieving a list of all instances.

Version information

Connector Version: 1.1.0

FortiSOAR™ Version Tested on: 7.2.0-914

Authored By: Fortinet

Certified: Yes

Release Notes for version 1.1.0

The following enhancements and bugs have been made to the Azure Compute Connector in version 1.1.0:

Getting Access Tokens

You can get authentication tokens to access the Azure Compute APIs using two methods:

For more information, see https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview.

Getting Access Tokens using the On behalf of the user – Delegated Permission method

  1. Ensure that the required permissions are granted for the registration of the application.
    For more information see, https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles?toc=/azure/virtual-network/toc.json#network-contributor.
    For example, for an Azure Subscriptions User: API/Permission name that should be granted is
    • Microsoft.Authorization/*/read
    • Microsoft.ClassicCompute/domainNames/*
    • Microsoft.ClassicCompute/virtualMachines/*
    • Microsoft.ClassicNetwork/networkSecurityGroups/join/action
    • Microsoft.ClassicNetwork/reservedIps/link/action
    • Microsoft.ClassicNetwork/reservedIps/read
    • Microsoft.ClassicNetwork/virtualNetworks/join/action
    • Microsoft.ClassicNetwork/virtualNetworks/read
    • Microsoft.ClassicStorage/storageAccounts/disks/read
    • Microsoft.ClassicStorage/storageAccounts/images/read
    • Microsoft.ClassicStorage/storageAccounts/listKeys/action
    • Microsoft.ClassicStorage/storageAccounts/read
    • Microsoft.Insights/alertRules/*
    • Microsoft.ResourceHealth/availabilityStatuses/read
    • Microsoft.Resources/deployments/*
    • Microsoft.Resources/subscriptions/resourceGroups/read
    • and Microsoft.Support/* of type 'Delegate'.
  2. The Redirect URL can be directed to any web application in which you want to receive responses from Azure Compute. If you are unsure about what to set as a redirect URL, you can use https://localhost/myapp.
  3. Copy the following URL and replace the TENANT_ID, CLIENT_ID, and REDIRECT_URI with your own tenant ID, client ID, and redirect URL: https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize?response_type=code&scope=offline_access &client_id=CLIENT_ID&redirect_uri=REDIRECT_URI
  4. Enter the above link with the replaced values and you will be prompted to grant permissions for your Azure Service Management. You will be automatically redirected to a link with the following structure: REDIRECT_URI?code=AUTH_CODE&session_state=SESSION_STATE
  5. Copy the AUTH_CODE (without the "code=" prefix) and paste it into your instance configuration in the 'Authorization Code' parameter.
  6. Enter your client ID in the 'Application (client) ID' parameter field.
  7. Enter your client secret in the 'Application (client) Secret' parameter field.
  8. Enter your tenant ID in the 'Directory (tenant) ID' parameter field.
  9. Enter your redirect URL in the 'Redirect URL' parameter field. By default, it is set to https://localhost/myapp.

Getting Access Tokens using the Without a User - Application Permission method

  1. Ensure that the required permissions are granted for the registration of the application.
    For more information see, https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles?toc=/azure/virtual-network/toc.json#network-contributor.
    For example, for an Azure Subscriptions Application User: API/Permission name that should be granted is
    • Microsoft.Authorization/*/read
    • Microsoft.ClassicCompute/domainNames/*
    • Microsoft.ClassicCompute/virtualMachines/*
    • Microsoft.ClassicNetwork/networkSecurityGroups/join/action
    • Microsoft.ClassicNetwork/reservedIps/link/action
    • Microsoft.ClassicNetwork/reservedIps/read
    • Microsoft.ClassicNetwork/virtualNetworks/join/action
    • Microsoft.ClassicNetwork/virtualNetworks/read
    • Microsoft.ClassicStorage/storageAccounts/disks/read
    • Microsoft.ClassicStorage/storageAccounts/images/read
    • Microsoft.ClassicStorage/storageAccounts/listKeys/action
    • Microsoft.ClassicStorage/storageAccounts/read
    • Microsoft.Insights/alertRules/*
    • Microsoft.ResourceHealth/availabilityStatuses/read
    • Microsoft.Resources/deployments/*
    • Microsoft.Resources/subscriptions/resourceGroups/read
    • and Microsoft.Support/* of type 'Application'.
  2. Enter your client ID in the 'Application (client) ID' parameter field.
  3. Enter your client secret in the 'Application (client) Secret' parameter field.
  4. Enter your tenant ID in the 'Directory (tenant) ID' parameter field.

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-azure-compute

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Azure Compute connector card. On the connector popup, click the Configurations tab to enter the required configuration details.

Parameter Description
Get Access Token Select the method using which you will get authentication tokens used to access the security graph APIs. You can choose between On behalf of User – Delegated Permission or Without a User - Application Permission. For more information, see the Getting Access Tokens section.
If you choose 'Without a User - Application Permission'
  • Server URL: The service-based URL to which you will connect and perform the automated operations.
  • Directory (Tenant) ID: ID of the tenant that you have been provided for your Azure Active Directory instance
  • Application (Client) ID: Unique ID of the Azure Active Directory application that is used to create an authentication token required to access the API.
  • Application (Client) Secret: Unique Client Secret of the Azure Active Directory application that is used to create an authentication token required to access the API. For information on how to get the secret key, see https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.
If you choose 'On behalf of User - Delegated Permission'
  • Server URL: The service-based URL to which you will connect and perform the automated operations.
  • Directory (Tenant) ID: ID of the tenant that you have been provided for your Azure Active Directory instance
  • Application (Client) ID: Unique ID of the Azure Active Directory application that is used to create an authentication token required to access the API.
  • Application (Client) Secret: Unique Client Secret of the Azure Active Directory application that is used to create an authentication token required to access the API. For information on how to get the secret key, see https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.
  • Authorization Code: (Only Applicable to On behalf of User – Delegated Permission) The authorization code that you acquired during the authorization step. For more information, see the Getting Access Tokens using the Delegated Permissions method section.
  • Redirect URI: (Only Applicable to On behalf of User – Delegated Permission) The redirect_url of your app, where authentication responses can be sent and received by your app. The redirect URL that you specify here must exactly match one of the redirect_url's you have registered in your app registration portal.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations:

Function Description Annotation and Category
Create an Instance Creates an instance in the specified resource group based on the input parameters, such as subscription ID, name of the resource group, location of the instance, etc. you have specified. create_instance
Investigation
List Instances Retrieves a list of all instances (VMs) based on the subscription ID and resource group you have specified. list_of_instances
Investigation
Get Instance Info Retrieves all the details of the specified instance from the specified resource group based on the subscription ID, name of the resource group, and name of the VM you have specified. get_instance_info
Investigation
Start an Instance Starts the specified instance based on the subscription ID, name of the resource group, and name of the VM you have specified. start_instance
Investigation
Stop an Instance Stops the specified instance based on the subscription ID, name of the resource group, and name of the VM you have specified. stop_instance
Investigation
Restart an Instance Restarts the specified instance based on the subscription ID, name of the resource group, and name of the VM you have specified. restart_instance
Investigation
Delete an Instance Deletes the specified instance in the specified resource group based on the subscription ID, name of the resource group, and name of the VM you have specified. delete_instance
Investigation

operation: Create an Instance

Input parameters

Parameter Description
Subscription ID Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named "list_of_subscriptions" to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name Select the name of the resource group in which you want to create the instance. This parameter makes an API call named "list_of_resource_groups" to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name Specify the name of the virtual machine that you want to create.
Location Select the region or location of the instance that you want to create. This parameter makes an API call named "list_of_locations" to dynamically populate the Location's drop-down selections.
VM Size Select the size of the instance that you want to create. This parameter makes an API call named "list_of_vm_size" to dynamically populate the VM Size's drop-down selections.
Network Security Group Name Select the network security group name of the instance you want to create. This parameter makes an API call named "list_of_nic" to dynamically populate the Network Security Group Name's drop-down selections.
Username Specify the username for the instance that you want to create.
Password Specify the password for the instance that you want to create.
OS Image Type Select the type of image for the instance you want to create. You can choose between Custom and Marketplace.
If you choose 'Custom', then from the VM OS image drop-down list select the OS image for the instance you want to create.
If you choose 'Marketplace', then you can specify the following parameters:
  • VM OS Image Publisher: Select the OS image publisher for the instance you want to create.
  • VM OS Image Offer: Select the OS image offer for the instance you want to create.
  • VM OS Image SKU: Select the OS image SKU for the instance you want to create.
  • VM OS Image Versions: Select the OS image versions for the instance you want to create.

Output

The output contains the following populated JSON schema:
{
  "name": "",
  "id": "",
  "type": "",
  "location": "",
  "properties": {
    "vmId": "",
    "hardwareProfile": {
      "vmSize": ""
    },
    "storageProfile": {
      "imageReference": {
        "publisher": "",
        "offer": "",
        "sku": "",
        "version": "",
        "exactVersion": ""
      },
      "osDisk": {
        "osType": "",
        "name": "",
        "createOption": "",
        "caching": "",
        "managedDisk": {
          "storageAccountType": "",
          "id": ""
        },
        "deleteOption": "",
        "diskSizeGB": ""
      },
      "dataDisks": []
    },
    "osProfile": {
      "computerName": "",
      "adminUsername": "",
      "linuxConfiguration": {
        "disablePasswordAuthentication": "",
        "provisionVMAgent": "",
        "patchSettings": {
          "patchMode": "",
          "assessmentMode": ""
        }
      },
      "secrets": [],
      "allowExtensionOperations": "",
      "requireGuestProvisionSignal": ""
    },
    "networkProfile": {
      "networkInterfaces": [
        {
          "id": "",
          "properties": {
            "deleteOption": ""
          }
        }
      ]
    },
    "diagnosticsProfile": {
      "bootDiagnostics": {
        "enabled": ""
      }
    },
    "provisioningState": "",
    "timeCreated": ""
  }
}

operation: List Instances

Input parameters

Parameter Description
Subscription ID Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named "list_of_subscriptions" to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name Select the name of the resource group from which you want to retrieve a list of all instances (VMs). This parameter makes an API call named "list_of_resource_groups" to dynamically populate the Resource Group Name's drop-down selections.

Output

The output contains the following populated JSON schema:
{
  "name": "",
  "id": "",
  "type": "",
  "location": "",
  "properties": {
    "vmId": "",
    "hardwareProfile": {
      "vmSize": ""
    },
    "storageProfile": {
      "imageReference": {
        "publisher": "",
        "offer": "",
        "sku": "",
        "version": "",
        "exactVersion": ""
      },
      "osDisk": {
        "osType": "",
        "name": "",
        "createOption": "",
        "caching": "",
        "managedDisk": {
          "storageAccountType": "",
          "id": ""
        },
        "deleteOption": "",
        "diskSizeGB": ""
      },
      "dataDisks": []
    },
    "osProfile": {
      "computerName": "",
      "adminUsername": "",
      "linuxConfiguration": {
        "disablePasswordAuthentication": "",
        "provisionVMAgent": "",
        "patchSettings": {
          "patchMode": "",
          "assessmentMode": ""
        }
      },
      "secrets": [],
      "allowExtensionOperations": "",
      "requireGuestProvisionSignal": ""
    },
    "networkProfile": {
      "networkInterfaces": [
        {
          "id": "",
          "properties": {
            "deleteOption": ""
          }
        }
      ]
    },
    "diagnosticsProfile": {
      "bootDiagnostics": {
        "enabled": ""
      }
    },
    "provisioningState": "",
    "timeCreated": ""
  }
}
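
A playbook step that receives records in this schema can check each VM against a hardening baseline before an analyst reviews it. The following Python is an added example, not part of the connector or its sample playbooks; the sample records are constructed, and the three checks (SSH password login disabled, `patchMode` set to `AutomaticByPlatform`, boot diagnostics enabled) are an assumed policy, not one the connector enforces.

```python
# Added example. SAMPLE_VMS is constructed data; the checks are an assumed baseline.
SAMPLE_VMS = [
    {"name": "web-01", "properties": {
        "osProfile": {"adminUsername": "azureuser", "linuxConfiguration": {
            "disablePasswordAuthentication": False,
            "patchSettings": {"patchMode": "ImageDefault"}}},
        "diagnosticsProfile": {"bootDiagnostics": {"enabled": False}}}},
    {"name": "db-01", "properties": {
        "osProfile": {"adminUsername": "azureuser", "linuxConfiguration": {
            "disablePasswordAuthentication": True,
            "patchSettings": {"patchMode": "AutomaticByPlatform"}}},
        "diagnosticsProfile": {"bootDiagnostics": {"enabled": True}}}},
    # Windows-style record: no linuxConfiguration block at all.
    {"name": "win-01", "properties": {"osProfile": {"adminUsername": "opsadmin"}}},
]

def dig(record, *path):
    """Follow nested keys; return None as soon as one is missing."""
    for key in path:
        if not isinstance(record, dict) or key not in record:
            return None
        record = record[key]
    return record

def is_true(value):
    """Accept JSON true or the string "true"; anything else counts as not set."""
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")

def audit_vm(vm):
    """Return the list of baseline deviations for one VM record."""
    findings = []
    linux = dig(vm, "properties", "osProfile", "linuxConfiguration")
    if linux is not None:  # Linux-only checks are skipped for other guests
        if not is_true(dig(linux, "disablePasswordAuthentication")):
            findings.append("password SSH login allowed")
        if dig(linux, "patchSettings", "patchMode") != "AutomaticByPlatform":
            findings.append("platform patching not enabled")
    if not is_true(dig(vm, "properties", "diagnosticsProfile", "bootDiagnostics", "enabled")):
        findings.append("boot diagnostics not enabled")
    return findings

def audit(vms):
    """Map VM name -> findings, omitting VMs that meet the baseline."""
    report = {vm.get("name", "<unnamed>"): audit_vm(vm) for vm in vms}
    return {name: found for name, found in report.items() if found}

if __name__ == "__main__":
    for name, found in audit(SAMPLE_VMS).items():
        print(f"{name}: {', '.join(found)}")
```

Fields that are missing or left as empty strings, as in the schema above, are treated as not set, so an incomplete record is reported rather than silently passed.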

operation: Get Instance Info

Input parameters

Parameter Description
Subscription ID Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named "list_of_subscriptions" to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name Select the name of the resource group from which you want to retrieve the details of the specified instance (VM). This parameter makes an API call named "list_of_resource_groups" to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name Select the name of the virtual machine whose details you want to retrieve. This parameter makes an API call named "list_of_instances_only_names" to dynamically populate the Virtual Machine Name's drop-down selections.

Output

The output contains the following populated JSON schema:
{
  "name": "",
  "id": "",
  "type": "",
  "location": "",
  "properties": {
    "vmId": "",
    "hardwareProfile": {
      "vmSize": ""
    },
    "storageProfile": {
      "imageReference": {
        "publisher": "",
        "offer": "",
        "sku": "",
        "version": "",
        "exactVersion": ""
      },
      "osDisk": {
        "osType": "",
        "name": "",
        "createOption": "",
        "caching": "",
        "managedDisk": {
          "storageAccountType": "",
          "id": ""
        },
        "deleteOption": "",
        "diskSizeGB": ""
      },
      "dataDisks": []
    },
    "osProfile": {
      "computerName": "",
      "adminUsername": "",
      "linuxConfiguration": {
        "disablePasswordAuthentication": "",
        "provisionVMAgent": "",
        "patchSettings": {
          "patchMode": "",
          "assessmentMode": ""
        }
      },
      "secrets": [],
      "allowExtensionOperations": "",
      "requireGuestProvisionSignal": ""
    },
    "networkProfile": {
      "networkInterfaces": [
        {
          "id": "",
          "properties": {
            "deleteOption": ""
          }
        }
      ]
    },
    "diagnosticsProfile": {
      "bootDiagnostics": {
        "enabled": ""
      }
    },
    "provisioningState": "",
    "timeCreated": ""
  }
}

operation: Start an Instance

Input parameters

Parameter Description
Subscription ID Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named "list_of_subscriptions" to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name Select the name of the resource group that contains the instance (VM) that you want to start. This parameter makes an API call named "list_of_resource_groups" to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name Select the name of the virtual machine that you want to start. This parameter makes an API call named "list_of_instances_only_names" to dynamically populate the Virtual Machine Name's drop-down selections.

Output

The output contains the following populated JSON schema:
{
  "result": ""
}

operation: Stop an Instance

Input parameters

Parameter Description
Subscription ID Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named "list_of_subscriptions" to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name Select the name of the resource group that contains the instance (VM) that you want to stop. This parameter makes an API call named "list_of_resource_groups" to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name Select the name of the virtual machine that you want to stop. This parameter makes an API call named "list_of_instances_only_names" to dynamically populate the Virtual Machine Name's drop-down selections.

Output

The output contains the following populated JSON schema:
{
  "result": ""
}

operation: Restart an Instance

Input parameters

Parameter Description
Subscription ID Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named "list_of_subscriptions" to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name Select the name of the resource group that contains the instance (VM) that you want to restart. This parameter makes an API call named "list_of_resource_groups" to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name Select the name of the virtual machine that you want to restart. This parameter makes an API call named "list_of_instances_only_names" to dynamically populate the Virtual Machine Name's drop-down selections.

Output

The output contains the following populated JSON schema:
{
  "result": ""
}

operation: Delete an Instance

Input parameters

Parameter Description
Subscription ID Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named "list_of_subscriptions" to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name Select the name of the resource group that contains the instance (VM) that you want to delete. This parameter makes an API call named "list_of_resource_groups" to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name Select the name of the virtual machine that you want to delete. This parameter makes an API call named "list_of_instances_only_names" to dynamically populate the Virtual Machine Name's drop-down selections.

Output

The output contains the following populated JSON schema:
{
  "result": ""
}

Included playbooks

The Sample - Azure Compute - 1.1.0 playbook collection comes bundled with the Azure Compute connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Azure Compute connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.
