Azure Compute

Azure Compute v1.2.0

Home FortiSOAR Connectors Azure Compute

1.2.0

Azure Compute v1.2.0

About the connector

Azure Virtual Machines are image service instances that provide on-demand and scalable computing resources with usage-based pricing. This connector facilitates automated operations to get list of Azure Compute VM, get information about an Azure Compute VM, create, start, restart, stop and delete of an Azure Compute VM

This document provides information about the Azure Compute Connector, which facilitates automated interactions, with a Azure Compute server using FortiSOAR™ playbooks. Add the Azure Compute Connector as a step in FortiSOAR™ playbooks and perform automated operations with Azure Compute.

Version information

Connector Version: 1.2.0

FortiSOAR™ Version Tested on: 7.4.0-3024

Azure Compute Version Tested on: Cloud Instance

Authored By: Fortinet

Certified: Yes

Release Notes for version 1.2.0

Following enhancements have been made to the Azure Compute Connector in version 1.2.0:

Following actions have been added:
- Create Snapshot
- List Snapshot
- Get Snapshot Details
- Update Snapshot
- Delete Snapshot
- Get NIC Details
- Get NSG Details
Renamed action Get Instance Info to Get Instance Details

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

yum install cyops-connector-azure-compute

Prerequisites to configuring the connector

You must have the URL of Azure Compute server to connect and perform automated operations and credentials to access that server.
The FortiSOAR™ server should have outbound connectivity to port 443 on the Azure Compute server.
The URL https://management.azure.com must be allowed on proxy when the FortiSOAR environment is air-gapped.

Minimum Permissions Required

Not Applicable.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Azure Compute connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter	Description
Get Access Token	Select the method using which you will get authentication tokens used to access the security graph APIs. You can choose between On behalf of User – Delegate Permission or Without a User – Application Permission. For more information, see the Getting Access Tokens section.
Server URL	The service-based URL to which you will connect and perform the automated operations.
Client ID	Unique ID of the Azure Active Directory application that is used to create an authentication token required to access the API.
Client Secret	Unique Client Secret of the Azure Active Directory application that is used to create an authentication token required to access the API. For information on how to get the secret key, see https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.
Tenant ID	ID of the tenant that you have been provided for your Azure Active Directory instance.
Authorization Code	(Only Applicable to On behalf of User – Delegate Permission) The authorization code that you acquired during the authorization step. For more information, see the Getting Access Tokens using the On behalf of the user – Delegate Permission method section.
Redirect URL	(Only Applicable to On behalf of User – Delegate Permission) The `redirect_uri` of your app, where authentication responses can be sent and received by your app. The redirect URL that you specify here must exactly match one of the `redirect_uri`s you have registered in your app registration portal. For more information, see the Getting Access Tokens using the On behalf of the user – Delegate Permission method section.
Verify SSL	Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set to `True`.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations:

Function	Description	Annotation and Category
Create an Instance	Creates an instance in the specified resource group based on the subscription ID, name of the resource group, location of the instance, and other input parameters you have specified.	create_instance Investigation
List Instances	Retrieves a list of all instances (VMs) based on subscription ID and resource group you have specified.	list_of_instances Investigation
Get Instance Details	Retrieves all the details of the specified instance from the specified resource group based on the subscription ID, name of the resource group, and name of the VM you have specified.	get_instance_info Investigation
Start an Instance	Starts the specified instance based on the subscription ID, name of the resource group, and name of the VM you have specified.	start_instance Investigation
Stop an Instance	Stops the specified instance based on the subscription ID, name of the resource group, and name of the VM you have specified.	stop_instance Investigation
Restart an Instance	Restarts the specified instance based on the subscription ID, name of the resource group, and name of the VM you have specified.	restart_instance Investigation
Delete an Instance	Deletes the specified instance in the specified resource group based on the subscription ID, name of the resource group, and name of the VM you have specified.	delete_instance Investigation
Create Snapshot	Creates an snapshot in the specified resource group based on the input parameters, such as subscription ID, name of the resource group, location of the instance, etc. you have specified.	create_snapshot Investigation
List Snapshot	Retrieves a list of all snapshot based on subscription ID and resource group you have specified.	list_snapshot Investigation
Get Snapshot Details	Retrieves all the details of the specified snapshot from the specified resource group based on the subscription ID, name of the resource group, and name of the snapshot you have specified.	get_snapshot_info Investigation
Update Snapshot	Update an snapshot in the specified resource group based on the input parameters, such as subscription ID, name of the resource group, name of the snapshot, etc. you have specified.	update_snapshot Investigation
Delete an Snapshot	Deletes the specified snapshot in the specified resource group based on the subscription ID, name of the resource group, and name of the snapshot you have specified.	delete_snapshot Investigation
Get NIC Details	Retrieves all the details of the specified NIC from the specified resource group based on the subscription ID, name of the resource group, and name of the NIC you have specified.	get_nic_details Investigation
Get NSG Details	Retrieves all the details of the specified NSG from the specified resource group based on the subscription ID, name of the resource group, and name of the NSG you have specified.	get_nsg_details Investigation

operation: Create an Instance

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group in which to create the instance. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name	Specify the name of the virtual machine to create.
Location	Select the region or location of the instance to create. This parameter makes an API call named `list_of_locations` to dynamically populate the location's drop-down selections.
VM Size	Select the size of the instance to create. This parameter makes an API call named `list_of_vm_size` to dynamically populate the VM Size's drop-down selections.
Network Security Group Name	Specify the name of network security group name. This parameter makes an API call named `list_of_nic` to dynamically populate its dropdown selections.
Username	Specify the username to create for the instance.
Password	Specify the password to create for the instance.
OS Image Type	Specify the OS image type to create for the instance. You can select from the following options: Custom: Select the VM OS image, from the drop-down list in the VM OS Image field. Marketplace: Specify values in the following fields. VM OS Image Publisher: Select the OS image publisher for the instance to create. VM OS Image Offer: Select the OS image offer for the instance to create. VM OS Image SKU: Select the OS image SKU for the instance to create. VM OS Image Versions: Select the OS image SKU for the instance to create.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "type": "",
    "location": "",
    "properties": {
        "vmId": "",
        "hardwareProfile": {
            "vmSize": ""
        },
        "storageProfile": {
            "imageReference": {
                "publisher": "",
                "offer": "",
                "sku": "",
                "version": "",
                "exactVersion": ""
            },
            "osDisk": {
                "osType": "",
                "name": "",
                "createOption": "",
                "caching": "",
                "managedDisk": {
                    "storageAccountType": "",
                    "id": ""
                },
                "deleteOption": "",
                "diskSizeGB": ""
            },
            "dataDisks": []
        },
        "osProfile": {
            "computerName": "",
            "adminUsername": "",
            "linuxConfiguration": {
                "disablePasswordAuthentication": "",
                "provisionVMAgent": "",
                "patchSettings": {
                    "patchMode": "",
                    "assessmentMode": ""
                }
            },
            "secrets": [],
            "allowExtensionOperations": "",
            "requireGuestProvisionSignal": ""
        },
        "networkProfile": {
            "networkInterfaces": [
                {
                    "id": "",
                    "properties": {
                        "deleteOption": ""
                    }
                }
            ]
        },
        "diagnosticsProfile": {
            "bootDiagnostics": {
                "enabled": ""
            }
        },
        "provisioningState": "",
        "timeCreated": ""
    }
}

operation: List Instances

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance to list. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "type": "",
    "location": "",
    "properties": {
        "vmId": "",
        "hardwareProfile": {
            "vmSize": ""
        },
        "storageProfile": {
            "imageReference": {
                "publisher": "",
                "offer": "",
                "sku": "",
                "version": "",
                "exactVersion": ""
            },
            "osDisk": {
                "osType": "",
                "name": "",
                "createOption": "",
                "caching": "",
                "managedDisk": {
                    "storageAccountType": "",
                    "id": ""
                },
                "deleteOption": "",
                "diskSizeGB": ""
            },
            "dataDisks": []
        },
        "osProfile": {
            "computerName": "",
            "adminUsername": "",
            "linuxConfiguration": {
                "disablePasswordAuthentication": "",
                "provisionVMAgent": "",
                "patchSettings": {
                    "patchMode": "",
                    "assessmentMode": ""
                }
            },
            "secrets": [],
            "allowExtensionOperations": "",
            "requireGuestProvisionSignal": ""
        },
        "networkProfile": {
            "networkInterfaces": [
                {
                    "id": "",
                    "properties": {
                        "deleteOption": ""
                    }
                }
            ]
        },
        "diagnosticsProfile": {
            "bootDiagnostics": {
                "enabled": ""
            }
        },
        "provisioningState": "",
        "timeCreated": ""
    }
}

operation: Get Instance Details

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance whose information is to be retrieved. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name	Select the name of the virtual machine whose details to retrieve. This parameter makes an API call named `list_of_instances_only_names` to dynamically populate the Virtual Machine Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "type": "",
    "location": "",
    "properties": {
        "vmId": "",
        "hardwareProfile": {
            "vmSize": ""
        },
        "storageProfile": {
            "imageReference": {
                "publisher": "",
                "offer": "",
                "sku": "",
                "version": "",
                "exactVersion": ""
            },
            "osDisk": {
                "osType": "",
                "name": "",
                "createOption": "",
                "caching": "",
                "managedDisk": {
                    "storageAccountType": "",
                    "id": ""
                },
                "deleteOption": "",
                "diskSizeGB": ""
            },
            "dataDisks": []
        },
        "osProfile": {
            "computerName": "",
            "adminUsername": "",
            "linuxConfiguration": {
                "disablePasswordAuthentication": "",
                "provisionVMAgent": "",
                "patchSettings": {
                    "patchMode": "",
                    "assessmentMode": ""
                }
            },
            "secrets": [],
            "allowExtensionOperations": "",
            "requireGuestProvisionSignal": ""
        },
        "networkProfile": {
            "networkInterfaces": [
                {
                    "id": "",
                    "properties": {
                        "deleteOption": ""
                    }
                }
            ]
        },
        "diagnosticsProfile": {
            "bootDiagnostics": {
                "enabled": ""
            }
        },
        "provisioningState": "",
        "timeCreated": ""
    }
}

operation: Start an Instance

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance to be started. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name	Select the name of the virtual machine to start. This parameter makes an API call named `list_of_instances_only_names` to dynamically populate the Virtual Machine Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "result": ""
}

operation: Stop an Instance

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance to be stopped. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name	Select the name of the virtual machine to stop. This parameter makes an API call named `list_of_instances_only_names` to dynamically populate the Virtual Machine Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "result": ""
}

operation: Restart an Instance

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance to be restarted. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name	Select the name of the virtual machine to restart. This parameter makes an API call named `list_of_instances_only_names` to dynamically populate the Virtual Machine Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "result": ""
}

operation: Delete an Instance

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance to be deleted. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name	Select the name of the virtual machine to delete. This parameter makes an API call named `list_of_instances_only_names` to dynamically populate the Virtual Machine Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "result": ""
}

operation: Create Snapshot

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance whose snapshot is to be created. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Snapshot Name	Specify the name of the snapshot that is being created. The name can't be changed after the snapshot is created. Supported characters for the name are `a-z`, `A-Z`, `0-9`, `_` and `-`. The max length of the name is `80` characters.
Location	Select the region or location of the snapshot to create. This parameter makes an API call named `list_of_locations` to dynamically populate the location's drop-down selections.
Creation Option	Select the source of a disk's creation. You can choose from the following options: Copy: Specify the ARM ID of the source snapshot or disk in the Source Resource ID. CopyStart: Specify values in following fields: Source Resource ID: Specify the ARM ID of the source snapshot or disk. Completion Percent: Specify the completion percentage of the background copy when a resource is created via the CopyStart operation. Empty: Specify the size of the disk, to create an empty data disk, in the Disk Size GB field. FromImage: Select one of the following options to create a new disk from a platform image: galleryImageReference: Specify values in following fields for user images stored in the Azure Gallery: ID: Specify the ARM ID of the shared galley image version from which to create a disk. Index: Specify the index of the data disks in the image to use. For OS disks, this field is `null`. imageReference: Specify values in following fields for platform images from the Azure platform image repository. ID: Specify the relative URI containing a Platform Image Repository. Index: Specify the index of the data disks in the image to use. For OS disks, this field is `null`. Import: Specify values in the following fields: Storage Account ID: Specify the Azure Resource Manager identifier of the storage account containing the blob to import as a disk. Source URI: Specify the URI of a blob to be imported into a managed disk. ImportSecure: Specify values in the following fields: Source URI: Specify the URI of a blob to be imported into a managed disk. Security Data URI: Specify the URI of a blob to be imported into VM guest state in the Security Data URI field.
Disk Size GB	Specify the size of the disk to create or resize. If Create Option parameter is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size.
Logical Sector Size	Specify the logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. 4096 is the default.
Source Unique ID	Specify the unique ID identifying the source of this resource.
Extended Location	Specify the extended location where the snapshot will be created. Extended location cannot be changed.
Disk Access ID	Specify the ARM ID of the DiskAccess resource for using private endpoints on disks.
Incremental	Specify if the snapshot is incremental. Incremental snapshots on the same disk occupy less space than full snapshots and can be diffed.
Tags	Specify the tags of the snapshot to update.
Encryption Type	Select the type of key used to encrypt the data of the disk. You can choose from following options: EncryptionAtRestWithCustomerKey: Specify the resource ID of the disk encryption set to use for enabling encryption at rest in the Resource ID of Disk Encryption field. EncryptionAtRestWithPlatformAndCustomerKeys: Specify the resource ID of the disk encryption set to use for enabling encryption at rest in the Resource ID of Disk Encryption field. EncryptionAtRestWithPlatformKey
Network Access Policy	Select the policy for accessing the disk via network. You can choose from the following options: AllowAll AllowPrivate DenyAll
OS Type	Select the type of the operating system of the snapshot to create. You can choose from the following options: Linux Windows
Data Access AuthMode	Specify the additional authentication requirements when exporting or uploading to a disk or snapshot. You can choose from the following options: AzureActiveDirectory None
HyperVGeneration	Select the hypervisor generation for the virtual machine. This option is applicable to OS disks only.
Snapshot SKU	Specify the SKU name of the snapshot to create in Azure Compute. It can be `Standard_LRS`, `Premium_LRS`, or `Standard_ZRS`. By default, the SKU is set to the same as that of the previous snapshot.
Snapshot SKU Tier	Specify the SKU tier of the snapshot to create in Azure Compute.
Custom Properties	Specify additional properties, in JSON format, of the snapshot to create in Azure Compute. The additional properties signify additional fields associated with the snapshot.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "type": "",
    "location": "",
    "tags": {},
    "sku": {
        "name": "",
        "tier": ""
    },
    "properties": {
        "osType": "",
        "hyperVGeneration": "",
        "supportsHibernation": "",
        "supportedCapabilities": {
            "acceleratedNetwork": "",
            "architecture": ""
        },
        "creationData": {
            "createOption": "",
            "sourceResourceId": "",
            "sourceUniqueId": ""
        },
        "diskSizeGB": "",
        "encryptionSettingsCollection": {
            "enabled": "",
            "encryptionSettings": [],
            "encryptionSettingsVersion": ""
        },
        "encryption": {
            "type": ""
        },
        "incremental": "",
        "networkAccessPolicy": "",
        "publicNetworkAccess": "",
        "dataAccessAuthMode": "",
        "timeCreated": "",
        "provisioningState": "",
        "diskState": "",
        "diskSizeBytes": "",
        "uniqueId": ""
    }
}

operation: List Snapshot

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance whose snapshot is to be listed. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "type": "",
    "location": "",
    "tags": {},
    "sku": {
        "name": "",
        "tier": ""
    },
    "properties": {
        "osType": "",
        "hyperVGeneration": "",
        "supportsHibernation": "",
        "supportedCapabilities": {
            "acceleratedNetwork": "",
            "architecture": ""
        },
        "creationData": {
            "createOption": "",
            "sourceResourceId": "",
            "sourceUniqueId": ""
        },
        "diskSizeGB": "",
        "encryptionSettingsCollection": {
            "enabled": "",
            "encryptionSettings": [],
            "encryptionSettingsVersion": ""
        },
        "encryption": {
            "type": ""
        },
        "incremental": "",
        "networkAccessPolicy": "",
        "publicNetworkAccess": "",
        "dataAccessAuthMode": "",
        "timeCreated": "",
        "provisioningState": "",
        "diskState": "",
        "diskSizeBytes": "",
        "uniqueId": ""
    }
}

operation: Get Snapshot Details

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance whose snapshot information is to be retrieved. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Snapshot Name	Specify the name of the snapshot to retrieve its details.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "type": "",
    "location": "",
    "tags": {},
    "sku": {
        "name": "",
        "tier": ""
    },
    "properties": {
        "osType": "",
        "hyperVGeneration": "",
        "supportsHibernation": "",
        "supportedCapabilities": {
            "acceleratedNetwork": "",
            "architecture": ""
        },
        "creationData": {
            "createOption": "",
            "sourceResourceId": "",
            "sourceUniqueId": ""
        },
        "diskSizeGB": "",
        "encryptionSettingsCollection": {
            "enabled": "",
            "encryptionSettings": [],
            "encryptionSettingsVersion": ""
        },
        "encryption": {
            "type": ""
        },
        "incremental": "",
        "networkAccessPolicy": "",
        "publicNetworkAccess": "",
        "dataAccessAuthMode": "",
        "timeCreated": "",
        "provisioningState": "",
        "diskState": "",
        "diskSizeBytes": "",
        "uniqueId": ""
    }
}

operation: Update Snapshot

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance whose snapshot is to be updated. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Snapshot Name	Specify the name of the snapshot that is being updated. Supported characters for the name are `a-z`, `A-Z`, `0-9`, `_` and `-`. The max length of the name is `80` characters.
Data Access AuthMode	Select the additional authentication requirements when exporting or uploading to a disk or snapshot. You can choose from the following options: AzureActiveDirectory None
Disk Access ID	Specify the ARM ID of the DiskAccess resource for using private endpoints on disks.
Disk Size GB	Specify the size of the disk to resize. If Create Option parameter is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size.
Encryption Type	Select the type of key used to encrypt the data of the disk. You can choose from following options: EncryptionAtRestWithCustomerKey: Specify the resource ID of the disk encryption set to use for enabling encryption at rest in the Resource ID of Disk Encryption field. EncryptionAtRestWithPlatformAndCustomerKeys: Specify the resource ID of the disk encryption set to use for enabling encryption at rest in the Resource ID of Disk Encryption field. EncryptionAtRestWithPlatformKey
Network Access Policy	Specify the policy for accessing the disk via network.
OS Type	Specify the type of the operating system of the snapshot that has to be update.
Tags	Specify the tags of the snapshot that has to be update
Snapshot SKU	Specify the SKU name of the snapshot to create in Azure Compute. It can be `Standard_LRS`, `Premium_LRS`, or `Standard_ZRS`. By default, the SKU is set to the same as that of the previous snapshot.
Snapshot SKU Tier	Specify the SKU tier of the snapshot to create in Azure Compute.
Custom Properties	Specify additional properties, in JSON format, of the snapshot to create in Azure Compute. The additional properties signify additional fields associated with the snapshot.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "type": "",
    "location": "",
    "tags": {},
    "sku": {
        "name": "",
        "tier": ""
    },
    "properties": {
        "osType": "",
        "hyperVGeneration": "",
        "supportsHibernation": "",
        "supportedCapabilities": {
            "acceleratedNetwork": "",
            "architecture": ""
        },
        "creationData": {
            "createOption": "",
            "sourceResourceId": "",
            "sourceUniqueId": ""
        },
        "diskSizeGB": "",
        "encryptionSettingsCollection": {
            "enabled": "",
            "encryptionSettings": [],
            "encryptionSettingsVersion": ""
        },
        "encryption": {
            "type": ""
        },
        "incremental": "",
        "networkAccessPolicy": "",
        "publicNetworkAccess": "",
        "dataAccessAuthMode": "",
        "timeCreated": "",
        "provisioningState": "",
        "diskState": "",
        "diskSizeBytes": "",
        "uniqueId": ""
    }
}

operation: Delete Snapshot

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance whose snapshot is to be deleted. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Snapshot Name	Specify the name of the snapshot to delete.

Output

The output contains the following populated JSON schema:

{
    "result": ""
}

operation: Get NIC Details

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the NIC's resource group to retrieve its details. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Network Interface Name	Select the name of the network interface to retrieve its details. This parameter makes an API call named `list_of_nic` to dynamically populate the Network Interface Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "etag": "",
    "properties": {
        "provisioningState": "",
        "resourceGuid": "",
        "ipConfigurations": [
            {
                "name": "",
                "id": "",
                "etag": "",
                "type": "",
                "properties": {
                    "provisioningState": "",
                    "privateIPAddress": "",
                    "privateIPAllocationMethod": "",
                    "subnet": {
                        "id": ""
                    },
                    "primary": "",
                    "privateIPAddressVersion": ""
                }
            }
        ],
        "dnsSettings": {
            "dnsServers": [],
            "appliedDnsServers": [],
            "internalDomainNameSuffix": ""
        },
        "macAddress": "",
        "enableAcceleratedNetworking": "",
        "vnetEncryptionSupported": "",
        "enableIPForwarding": "",
        "disableTcpStateTracking": "",
        "networkSecurityGroup": {
            "id": ""
        },
        "primary": "",
        "virtualMachine": {
            "id": ""
        },
        "hostedWorkloads": [],
        "tapConfigurations": [],
        "nicType": "",
        "allowPort25Out": ""
    },
    "type": "",
    "location": "",
    "kind": ""
}

operation: Get NSG Details

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the NSG's resource group to retrieve its details. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Network Security Group Name	Select the name of the network security group whose details to retrieve. This parameter makes an API call named `list_of_nsg` to dynamically populate the Network Security Group Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "etag": "",
    "type": "",
    "location": "",
    "properties": {
        "provisioningState": "",
        "resourceGuid": "",
        "securityRules": [
            {
                "name": "",
                "id": "",
                "etag": "",
                "type": "",
                "properties": {
                    "provisioningState": "",
                    "protocol": "",
                    "sourcePortRange": "",
                    "destinationPortRange": "",
                    "sourceAddressPrefix": "",
                    "destinationAddressPrefix": "",
                    "access": "",
                    "priority": "",
                    "direction": "",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            }
        ],
        "defaultSecurityRules": [
            {
                "name": "",
                "id": "",
                "etag": "",
                "type": "",
                "properties": {
                    "provisioningState": "",
                    "description": "",
                    "protocol": "",
                    "sourcePortRange": "",
                    "destinationPortRange": "",
                    "sourceAddressPrefix": "",
                    "destinationAddressPrefix": "",
                    "access": "",
                    "priority": "",
                    "direction": "",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            }
        ],
        "networkInterfaces": [
            {
                "id": ""
            }
        ]
    }
}

Included playbooks

The Sample - Azure Compute - 1.2.0 playbook collection comes bundled with the Azure Compute connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Azure Compute connector.

Create an Instance
Create Snapshot
Delete an Instance
Delete Snapshot
Get Instance Details
Get NIC Details
Get NSG Details
Get Snapshot Details
List Instances
List Snapshot
Restart an Instance
Start an Instance
Stop an Instance
Update Snapshot

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

Getting Access Tokens

You can get authentication tokens to access the Azure Compute APIs using two methods:

On behalf of the User – Delegate Permission.
Without a User – Application Permission.

For more information, see https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview.

Getting Access Tokens using the On behalf of the user – Delegated Permission method

Ensure that the required permissions are granted for the registration of the application.
For more information see, https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles?toc=/azure/virtual-network/toc.json#network-contributor.
For example, for an Azure Subscriptions User: API/Permission name that should be granted is
- Microsoft.Authorization/*/read
- Microsoft.ClassicCompute/domainNames/*
- Microsoft.ClassicCompute/virtualMachines/*
- Microsoft.ClassicNetwork/networkSecurityGroups/join/action
- Microsoft.ClassicNetwork/reservedIps/link/action
- Microsoft.ClassicNetwork/reservedIps/read
- Microsoft.ClassicNetwork/virtualNetworks/join/action
- Microsoft.ClassicNetwork/virtualNetworks/read
- Microsoft.ClassicStorage/storageAccounts/disks/read
- Microsoft.ClassicStorage/storageAccounts/images/read
- Microsoft.ClassicStorage/storageAccounts/listKeys/action
- Microsoft.ClassicStorage/storageAccounts/read
- Microsoft.Insights/alertRules/*
- Microsoft.ResourceHealth/availabilityStatuses/read
- Microsoft.Resources/deployments/*
- Microsoft.Resources/subscriptions/resourceGroups/read
- Microsoft.Support/*
- Microsoft.Network/* of type Delegate.
The Redirect URL can be directed to any web application in which to receive responses from Azure Compute. If you are unsure about what to set as a redirect URL, you can use https://localhost/myapp.
Copy the following URL and replace the TENANT_ID, CLIENT_ID, and REDIRECT_URI with your own tenant ID, client ID, and redirect URL: https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize?response_type=code&scope=offline_access https://management.azure.com/user_impersonation&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI
Enter the above link with the replaced values and you will be prompted to grant permissions for your Azure Service Management. You will be automatically redirected to a link with the following structure: REDIRECT_URI?code=AUTH_CODE&session_state=SESSION_STATE
Copy the AUTH_CODE (without the code= prefix) and paste it into your instance configuration in the Authorization Code parameter.
Enter your client ID in the Application (client) ID parameter field.
Enter your client secret in the Application (client) Secret parameter field.
Enter your tenant ID in the Directory (tenant) ID parameter field.
Enter your redirect URL in the Redirect URL parameter field. By default, it is set to https://localhost/myapp.

Getting Access Tokens using the Without a User – Application Permission method

Ensure that the required permissions are granted for the registration of the application.
For more information see, https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles?toc=/azure/virtual-network/toc.json#network-contributor.
For example, for an Azure Subscriptions Application User: API/Permission name that should be granted is
- Microsoft.Authorization/*/read
- Microsoft.ClassicCompute/domainNames/*
- Microsoft.ClassicCompute/virtualMachines/*
- Microsoft.ClassicNetwork/networkSecurityGroups/join/action
- Microsoft.ClassicNetwork/reservedIps/link/action
- Microsoft.ClassicNetwork/reservedIps/read
- Microsoft.ClassicNetwork/virtualNetworks/join/action
- Microsoft.ClassicNetwork/virtualNetworks/read
- Microsoft.ClassicStorage/storageAccounts/disks/read
- Microsoft.ClassicStorage/storageAccounts/images/read
- Microsoft.ClassicStorage/storageAccounts/listKeys/action
- Microsoft.ClassicStorage/storageAccounts/read
- Microsoft.Insights/alertRules/*
- Microsoft.ResourceHealth/availabilityStatuses/read
- Microsoft.Resources/deployments/*
- Microsoft.Resources/subscriptions/resourceGroups/read
- and Microsoft.Support/*
- Microsoft.Network/* of type Application.
Enter your client ID in the Application (client) ID parameter field.
Enter your client secret in the Application (client) Secret parameter field.
Enter your tenant ID in the Directory (tenant) ID parameter field.

About the connector

Version information

Connector Version: 1.2.0

FortiSOAR™ Version Tested on: 7.4.0-3024

Azure Compute Version Tested on: Cloud Instance

Authored By: Fortinet

Certified: Yes

Release Notes for version 1.2.0

Following enhancements have been made to the Azure Compute Connector in version 1.2.0:

Following actions have been added:
- Create Snapshot
- List Snapshot
- Get Snapshot Details
- Update Snapshot
- Delete Snapshot
- Get NIC Details
- Get NSG Details
Renamed action Get Instance Info to Get Instance Details

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

yum install cyops-connector-azure-compute

Prerequisites to configuring the connector

You must have the URL of Azure Compute server to connect and perform automated operations and credentials to access that server.
The FortiSOAR™ server should have outbound connectivity to port 443 on the Azure Compute server.
The URL https://management.azure.com must be allowed on proxy when the FortiSOAR environment is air-gapped.

Minimum Permissions Required

Not Applicable.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

Parameter	Description
Get Access Token	Select the method using which you will get authentication tokens used to access the security graph APIs. You can choose between On behalf of User – Delegate Permission or Without a User – Application Permission. For more information, see the Getting Access Tokens section.
Server URL	The service-based URL to which you will connect and perform the automated operations.
Client ID	Unique ID of the Azure Active Directory application that is used to create an authentication token required to access the API.
Client Secret	Unique Client Secret of the Azure Active Directory application that is used to create an authentication token required to access the API. For information on how to get the secret key, see https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.
Tenant ID	ID of the tenant that you have been provided for your Azure Active Directory instance.
Authorization Code	(Only Applicable to On behalf of User – Delegate Permission) The authorization code that you acquired during the authorization step. For more information, see the Getting Access Tokens using the On behalf of the user – Delegate Permission method section.
Redirect URL	(Only Applicable to On behalf of User – Delegate Permission) The `redirect_uri` of your app, where authentication responses can be sent and received by your app. The redirect URL that you specify here must exactly match one of the `redirect_uri`s you have registered in your app registration portal. For more information, see the Getting Access Tokens using the On behalf of the user – Delegate Permission method section.
Verify SSL	Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set to `True`.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations:

Function	Description	Annotation and Category
Create an Instance	Creates an instance in the specified resource group based on the subscription ID, name of the resource group, location of the instance, and other input parameters you have specified.	create_instance Investigation
List Instances	Retrieves a list of all instances (VMs) based on subscription ID and resource group you have specified.	list_of_instances Investigation
Get Instance Details	Retrieves all the details of the specified instance from the specified resource group based on the subscription ID, name of the resource group, and name of the VM you have specified.	get_instance_info Investigation
Start an Instance	Starts the specified instance based on the subscription ID, name of the resource group, and name of the VM you have specified.	start_instance Investigation
Stop an Instance	Stops the specified instance based on the subscription ID, name of the resource group, and name of the VM you have specified.	stop_instance Investigation
Restart an Instance	Restarts the specified instance based on the subscription ID, name of the resource group, and name of the VM you have specified.	restart_instance Investigation
Delete an Instance	Deletes the specified instance in the specified resource group based on the subscription ID, name of the resource group, and name of the VM you have specified.	delete_instance Investigation
Create Snapshot	Creates an snapshot in the specified resource group based on the input parameters, such as subscription ID, name of the resource group, location of the instance, etc. you have specified.	create_snapshot Investigation
List Snapshot	Retrieves a list of all snapshot based on subscription ID and resource group you have specified.	list_snapshot Investigation
Get Snapshot Details	Retrieves all the details of the specified snapshot from the specified resource group based on the subscription ID, name of the resource group, and name of the snapshot you have specified.	get_snapshot_info Investigation
Update Snapshot	Update an snapshot in the specified resource group based on the input parameters, such as subscription ID, name of the resource group, name of the snapshot, etc. you have specified.	update_snapshot Investigation
Delete an Snapshot	Deletes the specified snapshot in the specified resource group based on the subscription ID, name of the resource group, and name of the snapshot you have specified.	delete_snapshot Investigation
Get NIC Details	Retrieves all the details of the specified NIC from the specified resource group based on the subscription ID, name of the resource group, and name of the NIC you have specified.	get_nic_details Investigation
Get NSG Details	Retrieves all the details of the specified NSG from the specified resource group based on the subscription ID, name of the resource group, and name of the NSG you have specified.	get_nsg_details Investigation

operation: Create an Instance

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group in which to create the instance. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name	Specify the name of the virtual machine to create.
Location	Select the region or location of the instance to create. This parameter makes an API call named `list_of_locations` to dynamically populate the location's drop-down selections.
VM Size	Select the size of the instance to create. This parameter makes an API call named `list_of_vm_size` to dynamically populate the VM Size's drop-down selections.
Network Security Group Name	Specify the name of network security group name. This parameter makes an API call named `list_of_nic` to dynamically populate its dropdown selections.
Username	Specify the username to create for the instance.
Password	Specify the password to create for the instance.
OS Image Type	Specify the OS image type to create for the instance. You can select from the following options: Custom: Select the VM OS image, from the drop-down list in the VM OS Image field. Marketplace: Specify values in the following fields. VM OS Image Publisher: Select the OS image publisher for the instance to create. VM OS Image Offer: Select the OS image offer for the instance to create. VM OS Image SKU: Select the OS image SKU for the instance to create. VM OS Image Versions: Select the OS image SKU for the instance to create.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "type": "",
    "location": "",
    "properties": {
        "vmId": "",
        "hardwareProfile": {
            "vmSize": ""
        },
        "storageProfile": {
            "imageReference": {
                "publisher": "",
                "offer": "",
                "sku": "",
                "version": "",
                "exactVersion": ""
            },
            "osDisk": {
                "osType": "",
                "name": "",
                "createOption": "",
                "caching": "",
                "managedDisk": {
                    "storageAccountType": "",
                    "id": ""
                },
                "deleteOption": "",
                "diskSizeGB": ""
            },
            "dataDisks": []
        },
        "osProfile": {
            "computerName": "",
            "adminUsername": "",
            "linuxConfiguration": {
                "disablePasswordAuthentication": "",
                "provisionVMAgent": "",
                "patchSettings": {
                    "patchMode": "",
                    "assessmentMode": ""
                }
            },
            "secrets": [],
            "allowExtensionOperations": "",
            "requireGuestProvisionSignal": ""
        },
        "networkProfile": {
            "networkInterfaces": [
                {
                    "id": "",
                    "properties": {
                        "deleteOption": ""
                    }
                }
            ]
        },
        "diagnosticsProfile": {
            "bootDiagnostics": {
                "enabled": ""
            }
        },
        "provisioningState": "",
        "timeCreated": ""
    }
}

operation: List Instances

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance to list. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "type": "",
    "location": "",
    "properties": {
        "vmId": "",
        "hardwareProfile": {
            "vmSize": ""
        },
        "storageProfile": {
            "imageReference": {
                "publisher": "",
                "offer": "",
                "sku": "",
                "version": "",
                "exactVersion": ""
            },
            "osDisk": {
                "osType": "",
                "name": "",
                "createOption": "",
                "caching": "",
                "managedDisk": {
                    "storageAccountType": "",
                    "id": ""
                },
                "deleteOption": "",
                "diskSizeGB": ""
            },
            "dataDisks": []
        },
        "osProfile": {
            "computerName": "",
            "adminUsername": "",
            "linuxConfiguration": {
                "disablePasswordAuthentication": "",
                "provisionVMAgent": "",
                "patchSettings": {
                    "patchMode": "",
                    "assessmentMode": ""
                }
            },
            "secrets": [],
            "allowExtensionOperations": "",
            "requireGuestProvisionSignal": ""
        },
        "networkProfile": {
            "networkInterfaces": [
                {
                    "id": "",
                    "properties": {
                        "deleteOption": ""
                    }
                }
            ]
        },
        "diagnosticsProfile": {
            "bootDiagnostics": {
                "enabled": ""
            }
        },
        "provisioningState": "",
        "timeCreated": ""
    }
}

operation: Get Instance Details

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance whose information is to be retrieved. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name	Select the name of the virtual machine whose details to retrieve. This parameter makes an API call named `list_of_instances_only_names` to dynamically populate the Virtual Machine Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "type": "",
    "location": "",
    "properties": {
        "vmId": "",
        "hardwareProfile": {
            "vmSize": ""
        },
        "storageProfile": {
            "imageReference": {
                "publisher": "",
                "offer": "",
                "sku": "",
                "version": "",
                "exactVersion": ""
            },
            "osDisk": {
                "osType": "",
                "name": "",
                "createOption": "",
                "caching": "",
                "managedDisk": {
                    "storageAccountType": "",
                    "id": ""
                },
                "deleteOption": "",
                "diskSizeGB": ""
            },
            "dataDisks": []
        },
        "osProfile": {
            "computerName": "",
            "adminUsername": "",
            "linuxConfiguration": {
                "disablePasswordAuthentication": "",
                "provisionVMAgent": "",
                "patchSettings": {
                    "patchMode": "",
                    "assessmentMode": ""
                }
            },
            "secrets": [],
            "allowExtensionOperations": "",
            "requireGuestProvisionSignal": ""
        },
        "networkProfile": {
            "networkInterfaces": [
                {
                    "id": "",
                    "properties": {
                        "deleteOption": ""
                    }
                }
            ]
        },
        "diagnosticsProfile": {
            "bootDiagnostics": {
                "enabled": ""
            }
        },
        "provisioningState": "",
        "timeCreated": ""
    }
}

operation: Start an Instance

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance to be started. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name	Select the name of the virtual machine to start. This parameter makes an API call named `list_of_instances_only_names` to dynamically populate the Virtual Machine Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "result": ""
}

operation: Stop an Instance

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance to be stopped. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name	Select the name of the virtual machine to stop. This parameter makes an API call named `list_of_instances_only_names` to dynamically populate the Virtual Machine Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "result": ""
}

operation: Restart an Instance

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance to be restarted. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name	Select the name of the virtual machine to restart. This parameter makes an API call named `list_of_instances_only_names` to dynamically populate the Virtual Machine Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "result": ""
}

operation: Delete an Instance

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance to be deleted. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Virtual Machine Name	Select the name of the virtual machine to delete. This parameter makes an API call named `list_of_instances_only_names` to dynamically populate the Virtual Machine Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "result": ""
}

operation: Create Snapshot

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance whose snapshot is to be created. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Snapshot Name	Specify the name of the snapshot that is being created. The name can't be changed after the snapshot is created. Supported characters for the name are `a-z`, `A-Z`, `0-9`, `_` and `-`. The max length of the name is `80` characters.
Location	Select the region or location of the snapshot to create. This parameter makes an API call named `list_of_locations` to dynamically populate the location's drop-down selections.
Creation Option	Select the source of a disk's creation. You can choose from the following options: Copy: Specify the ARM ID of the source snapshot or disk in the Source Resource ID. CopyStart: Specify values in following fields: Source Resource ID: Specify the ARM ID of the source snapshot or disk. Completion Percent: Specify the completion percentage of the background copy when a resource is created via the CopyStart operation. Empty: Specify the size of the disk, to create an empty data disk, in the Disk Size GB field. FromImage: Select one of the following options to create a new disk from a platform image: galleryImageReference: Specify values in following fields for user images stored in the Azure Gallery: ID: Specify the ARM ID of the shared galley image version from which to create a disk. Index: Specify the index of the data disks in the image to use. For OS disks, this field is `null`. imageReference: Specify values in following fields for platform images from the Azure platform image repository. ID: Specify the relative URI containing a Platform Image Repository. Index: Specify the index of the data disks in the image to use. For OS disks, this field is `null`. Import: Specify values in the following fields: Storage Account ID: Specify the Azure Resource Manager identifier of the storage account containing the blob to import as a disk. Source URI: Specify the URI of a blob to be imported into a managed disk. ImportSecure: Specify values in the following fields: Source URI: Specify the URI of a blob to be imported into a managed disk. Security Data URI: Specify the URI of a blob to be imported into VM guest state in the Security Data URI field.
Disk Size GB	Specify the size of the disk to create or resize. If Create Option parameter is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size.
Logical Sector Size	Specify the logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. 4096 is the default.
Source Unique ID	Specify the unique ID identifying the source of this resource.
Extended Location	Specify the extended location where the snapshot will be created. Extended location cannot be changed.
Disk Access ID	Specify the ARM ID of the DiskAccess resource for using private endpoints on disks.
Incremental	Specify if the snapshot is incremental. Incremental snapshots on the same disk occupy less space than full snapshots and can be diffed.
Tags	Specify the tags of the snapshot to update.
Encryption Type	Select the type of key used to encrypt the data of the disk. You can choose from following options: EncryptionAtRestWithCustomerKey: Specify the resource ID of the disk encryption set to use for enabling encryption at rest in the Resource ID of Disk Encryption field. EncryptionAtRestWithPlatformAndCustomerKeys: Specify the resource ID of the disk encryption set to use for enabling encryption at rest in the Resource ID of Disk Encryption field. EncryptionAtRestWithPlatformKey
Network Access Policy	Select the policy for accessing the disk via network. You can choose from the following options: AllowAll AllowPrivate DenyAll
OS Type	Select the type of the operating system of the snapshot to create. You can choose from the following options: Linux Windows
Data Access AuthMode	Specify the additional authentication requirements when exporting or uploading to a disk or snapshot. You can choose from the following options: AzureActiveDirectory None
HyperVGeneration	Select the hypervisor generation for the virtual machine. This option is applicable to OS disks only.
Snapshot SKU	Specify the SKU name of the snapshot to create in Azure Compute. It can be `Standard_LRS`, `Premium_LRS`, or `Standard_ZRS`. By default, the SKU is set to the same as that of the previous snapshot.
Snapshot SKU Tier	Specify the SKU tier of the snapshot to create in Azure Compute.
Custom Properties	Specify additional properties, in JSON format, of the snapshot to create in Azure Compute. The additional properties signify additional fields associated with the snapshot.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "type": "",
    "location": "",
    "tags": {},
    "sku": {
        "name": "",
        "tier": ""
    },
    "properties": {
        "osType": "",
        "hyperVGeneration": "",
        "supportsHibernation": "",
        "supportedCapabilities": {
            "acceleratedNetwork": "",
            "architecture": ""
        },
        "creationData": {
            "createOption": "",
            "sourceResourceId": "",
            "sourceUniqueId": ""
        },
        "diskSizeGB": "",
        "encryptionSettingsCollection": {
            "enabled": "",
            "encryptionSettings": [],
            "encryptionSettingsVersion": ""
        },
        "encryption": {
            "type": ""
        },
        "incremental": "",
        "networkAccessPolicy": "",
        "publicNetworkAccess": "",
        "dataAccessAuthMode": "",
        "timeCreated": "",
        "provisioningState": "",
        "diskState": "",
        "diskSizeBytes": "",
        "uniqueId": ""
    }
}

operation: List Snapshot

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance whose snapshot is to be listed. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "type": "",
    "location": "",
    "tags": {},
    "sku": {
        "name": "",
        "tier": ""
    },
    "properties": {
        "osType": "",
        "hyperVGeneration": "",
        "supportsHibernation": "",
        "supportedCapabilities": {
            "acceleratedNetwork": "",
            "architecture": ""
        },
        "creationData": {
            "createOption": "",
            "sourceResourceId": "",
            "sourceUniqueId": ""
        },
        "diskSizeGB": "",
        "encryptionSettingsCollection": {
            "enabled": "",
            "encryptionSettings": [],
            "encryptionSettingsVersion": ""
        },
        "encryption": {
            "type": ""
        },
        "incremental": "",
        "networkAccessPolicy": "",
        "publicNetworkAccess": "",
        "dataAccessAuthMode": "",
        "timeCreated": "",
        "provisioningState": "",
        "diskState": "",
        "diskSizeBytes": "",
        "uniqueId": ""
    }
}

operation: Get Snapshot Details

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance whose snapshot information is to be retrieved. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Snapshot Name	Specify the name of the snapshot to retrieve its details.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "type": "",
    "location": "",
    "tags": {},
    "sku": {
        "name": "",
        "tier": ""
    },
    "properties": {
        "osType": "",
        "hyperVGeneration": "",
        "supportsHibernation": "",
        "supportedCapabilities": {
            "acceleratedNetwork": "",
            "architecture": ""
        },
        "creationData": {
            "createOption": "",
            "sourceResourceId": "",
            "sourceUniqueId": ""
        },
        "diskSizeGB": "",
        "encryptionSettingsCollection": {
            "enabled": "",
            "encryptionSettings": [],
            "encryptionSettingsVersion": ""
        },
        "encryption": {
            "type": ""
        },
        "incremental": "",
        "networkAccessPolicy": "",
        "publicNetworkAccess": "",
        "dataAccessAuthMode": "",
        "timeCreated": "",
        "provisioningState": "",
        "diskState": "",
        "diskSizeBytes": "",
        "uniqueId": ""
    }
}

operation: Update Snapshot

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance whose snapshot is to be updated. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Snapshot Name	Specify the name of the snapshot that is being updated. Supported characters for the name are `a-z`, `A-Z`, `0-9`, `_` and `-`. The max length of the name is `80` characters.
Data Access AuthMode	Select the additional authentication requirements when exporting or uploading to a disk or snapshot. You can choose from the following options: AzureActiveDirectory None
Disk Access ID	Specify the ARM ID of the DiskAccess resource for using private endpoints on disks.
Disk Size GB	Specify the size of the disk to resize. If Create Option parameter is Empty, this field is mandatory and it indicates the size of the disk to create. If this field is present for updates or creation with other options, it indicates a resize. Resizes are only allowed if the disk is not attached to a running VM, and can only increase the disk's size.
Encryption Type	Select the type of key used to encrypt the data of the disk. You can choose from following options: EncryptionAtRestWithCustomerKey: Specify the resource ID of the disk encryption set to use for enabling encryption at rest in the Resource ID of Disk Encryption field. EncryptionAtRestWithPlatformAndCustomerKeys: Specify the resource ID of the disk encryption set to use for enabling encryption at rest in the Resource ID of Disk Encryption field. EncryptionAtRestWithPlatformKey
Network Access Policy	Specify the policy for accessing the disk via network.
OS Type	Specify the type of the operating system of the snapshot that has to be update.
Tags	Specify the tags of the snapshot that has to be update
Snapshot SKU	Specify the SKU name of the snapshot to create in Azure Compute. It can be `Standard_LRS`, `Premium_LRS`, or `Standard_ZRS`. By default, the SKU is set to the same as that of the previous snapshot.
Snapshot SKU Tier	Specify the SKU tier of the snapshot to create in Azure Compute.
Custom Properties	Specify additional properties, in JSON format, of the snapshot to create in Azure Compute. The additional properties signify additional fields associated with the snapshot.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "type": "",
    "location": "",
    "tags": {},
    "sku": {
        "name": "",
        "tier": ""
    },
    "properties": {
        "osType": "",
        "hyperVGeneration": "",
        "supportsHibernation": "",
        "supportedCapabilities": {
            "acceleratedNetwork": "",
            "architecture": ""
        },
        "creationData": {
            "createOption": "",
            "sourceResourceId": "",
            "sourceUniqueId": ""
        },
        "diskSizeGB": "",
        "encryptionSettingsCollection": {
            "enabled": "",
            "encryptionSettings": [],
            "encryptionSettingsVersion": ""
        },
        "encryption": {
            "type": ""
        },
        "incremental": "",
        "networkAccessPolicy": "",
        "publicNetworkAccess": "",
        "dataAccessAuthMode": "",
        "timeCreated": "",
        "provisioningState": "",
        "diskState": "",
        "diskSizeBytes": "",
        "uniqueId": ""
    }
}

operation: Delete Snapshot

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the resource group of the instance whose snapshot is to be deleted. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Snapshot Name	Specify the name of the snapshot to delete.

Output

The output contains the following populated JSON schema:

{
    "result": ""
}

operation: Get NIC Details

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the NIC's resource group to retrieve its details. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Network Interface Name	Select the name of the network interface to retrieve its details. This parameter makes an API call named `list_of_nic` to dynamically populate the Network Interface Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "etag": "",
    "properties": {
        "provisioningState": "",
        "resourceGuid": "",
        "ipConfigurations": [
            {
                "name": "",
                "id": "",
                "etag": "",
                "type": "",
                "properties": {
                    "provisioningState": "",
                    "privateIPAddress": "",
                    "privateIPAllocationMethod": "",
                    "subnet": {
                        "id": ""
                    },
                    "primary": "",
                    "privateIPAddressVersion": ""
                }
            }
        ],
        "dnsSettings": {
            "dnsServers": [],
            "appliedDnsServers": [],
            "internalDomainNameSuffix": ""
        },
        "macAddress": "",
        "enableAcceleratedNetworking": "",
        "vnetEncryptionSupported": "",
        "enableIPForwarding": "",
        "disableTcpStateTracking": "",
        "networkSecurityGroup": {
            "id": ""
        },
        "primary": "",
        "virtualMachine": {
            "id": ""
        },
        "hostedWorkloads": [],
        "tapConfigurations": [],
        "nicType": "",
        "allowPort25Out": ""
    },
    "type": "",
    "location": "",
    "kind": ""
}

operation: Get NSG Details

Input parameters

Parameter	Description
Subscription ID	Select the subscription credentials that uniquely identify the Azure subscription. The subscription ID forms part of the URI for every service call. This parameter makes an API call named `list_of_subscriptions` to dynamically populate the Subscription ID's drop-down selections.
Resource Group Name	Select the name of the NSG's resource group to retrieve its details. This parameter makes an API call named `list_of_resource_groups` to dynamically populate the Resource Group Name's drop-down selections.
Network Security Group Name	Select the name of the network security group whose details to retrieve. This parameter makes an API call named `list_of_nsg` to dynamically populate the Network Security Group Name's drop-down selections.

Output

The output contains the following populated JSON schema:

{
    "name": "",
    "id": "",
    "etag": "",
    "type": "",
    "location": "",
    "properties": {
        "provisioningState": "",
        "resourceGuid": "",
        "securityRules": [
            {
                "name": "",
                "id": "",
                "etag": "",
                "type": "",
                "properties": {
                    "provisioningState": "",
                    "protocol": "",
                    "sourcePortRange": "",
                    "destinationPortRange": "",
                    "sourceAddressPrefix": "",
                    "destinationAddressPrefix": "",
                    "access": "",
                    "priority": "",
                    "direction": "",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            }
        ],
        "defaultSecurityRules": [
            {
                "name": "",
                "id": "",
                "etag": "",
                "type": "",
                "properties": {
                    "provisioningState": "",
                    "description": "",
                    "protocol": "",
                    "sourcePortRange": "",
                    "destinationPortRange": "",
                    "sourceAddressPrefix": "",
                    "destinationAddressPrefix": "",
                    "access": "",
                    "priority": "",
                    "direction": "",
                    "sourcePortRanges": [],
                    "destinationPortRanges": [],
                    "sourceAddressPrefixes": [],
                    "destinationAddressPrefixes": []
                }
            }
        ],
        "networkInterfaces": [
            {
                "id": ""
            }
        ]
    }
}

Included playbooks

Create an Instance
Create Snapshot
Delete an Instance
Delete Snapshot
Get Instance Details
Get NIC Details
Get NSG Details
Get Snapshot Details
List Instances
List Snapshot
Restart an Instance
Start an Instance
Stop an Instance
Update Snapshot

Getting Access Tokens

You can get authentication tokens to access the Azure Compute APIs using two methods:

On behalf of the User – Delegate Permission.
Without a User – Application Permission.

For more information, see https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview.

Getting Access Tokens using the On behalf of the user – Delegated Permission method

Ensure that the required permissions are granted for the registration of the application.
For more information see, https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles?toc=/azure/virtual-network/toc.json#network-contributor.
For example, for an Azure Subscriptions User: API/Permission name that should be granted is
- Microsoft.Authorization/*/read
- Microsoft.ClassicCompute/domainNames/*
- Microsoft.ClassicCompute/virtualMachines/*
- Microsoft.ClassicNetwork/networkSecurityGroups/join/action
- Microsoft.ClassicNetwork/reservedIps/link/action
- Microsoft.ClassicNetwork/reservedIps/read
- Microsoft.ClassicNetwork/virtualNetworks/join/action
- Microsoft.ClassicNetwork/virtualNetworks/read
- Microsoft.ClassicStorage/storageAccounts/disks/read
- Microsoft.ClassicStorage/storageAccounts/images/read
- Microsoft.ClassicStorage/storageAccounts/listKeys/action
- Microsoft.ClassicStorage/storageAccounts/read
- Microsoft.Insights/alertRules/*
- Microsoft.ResourceHealth/availabilityStatuses/read
- Microsoft.Resources/deployments/*
- Microsoft.Resources/subscriptions/resourceGroups/read
- Microsoft.Support/*
- Microsoft.Network/* of type Delegate.
The Redirect URL can be directed to any web application in which to receive responses from Azure Compute. If you are unsure about what to set as a redirect URL, you can use https://localhost/myapp.
Copy the following URL and replace the TENANT_ID, CLIENT_ID, and REDIRECT_URI with your own tenant ID, client ID, and redirect URL: https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize?response_type=code&scope=offline_access https://management.azure.com/user_impersonation&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI
Enter the above link with the replaced values and you will be prompted to grant permissions for your Azure Service Management. You will be automatically redirected to a link with the following structure: REDIRECT_URI?code=AUTH_CODE&session_state=SESSION_STATE
Copy the AUTH_CODE (without the code= prefix) and paste it into your instance configuration in the Authorization Code parameter.
Enter your client ID in the Application (client) ID parameter field.
Enter your client secret in the Application (client) Secret parameter field.
Enter your tenant ID in the Directory (tenant) ID parameter field.
Enter your redirect URL in the Redirect URL parameter field. By default, it is set to https://localhost/myapp.

Getting Access Tokens using the Without a User – Application Permission method

Ensure that the required permissions are granted for the registration of the application.
For more information see, https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles?toc=/azure/virtual-network/toc.json#network-contributor.
For example, for an Azure Subscriptions Application User: API/Permission name that should be granted is
- Microsoft.Authorization/*/read
- Microsoft.ClassicCompute/domainNames/*
- Microsoft.ClassicCompute/virtualMachines/*
- Microsoft.ClassicNetwork/networkSecurityGroups/join/action
- Microsoft.ClassicNetwork/reservedIps/link/action
- Microsoft.ClassicNetwork/reservedIps/read
- Microsoft.ClassicNetwork/virtualNetworks/join/action
- Microsoft.ClassicNetwork/virtualNetworks/read
- Microsoft.ClassicStorage/storageAccounts/disks/read
- Microsoft.ClassicStorage/storageAccounts/images/read
- Microsoft.ClassicStorage/storageAccounts/listKeys/action
- Microsoft.ClassicStorage/storageAccounts/read
- Microsoft.Insights/alertRules/*
- Microsoft.ResourceHealth/availabilityStatuses/read
- Microsoft.Resources/deployments/*
- Microsoft.Resources/subscriptions/resourceGroups/read
- and Microsoft.Support/*
- Microsoft.Network/* of type Application.
Enter your client ID in the Application (client) ID parameter field.
Enter your client secret in the Application (client) Secret parameter field.
Enter your tenant ID in the Directory (tenant) ID parameter field.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

Azure Compute

Azure Compute v1.2.0

About the connector

Version information

Release Notes for version 1.2.0

Installing the connector

Prerequisites to configuring the connector

Minimum Permissions Required

Configuring the connector

Configuration parameters

Actions supported by the connector

operation: Create an Instance

Input parameters

Output