All Collections
Connectors
Cloud
Microsoft Azure Connector (new revision)
Microsoft Azure Connector (new revision)

Learn all about integrating Azure into the Vulcan Platform

Updated over a week ago

Am I reading the right user guide?

Certain connectors have more than one user guide. It depends on the environment's setup and on the connector's available releases (new vs. older revisions).

To access the user guide that is relevant to your environment, simply click on the "How to connect" button located on the connector's setup page. By doing so, you will be directed to the user guide that aligns with your specific environment, ensuring relevancy and accuracy.

Overview

About Azure

Microsoft Azure Virtual Machines are image service instances that provide on-demand and scalable computing resources with usage-based pricing. More info on Azure VM can be found here: https://azure.microsoft.com/en-us/products/virtual-machines/

Why integrate Azure into the Vulcan platform?

The Azure Connector by Vulcan integrates with the Azure platform to pull and ingest cloud assets into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.

Azure Connector Details

Supported products

Azure Virtual Machines

Category

Cloud

Ingested asset type(s)

Hosts

Integration type

UNI directional (data is transferred from the Connector to the Vulcan Platform in one direction)

Supported version and type

SaaS (latest)

Connector Setup

Prerequisites and user permissions

Before you begin configuring the Connector, make sure you:

  1. Create an Azure Application

  2. Obtain the required parameters for the connector's configuration

  3. Grant the Azure Application API permissions

Creating Azure Application

  1. Sign in to the Azure Portal Go to the Azure portal at https://portal.azure.com and sign in with your Azure account.

  2. In the Azure portal, click on "Azure Active Directory" in the left-hand navigation pane.

  3. Under "Manage," click on "App registrations."

  4. Click on the "+ New registration" button to create a new application registration.

  5. Enter a name for your application (e.g. Vulcan API). This will be the display name shown in the Azure portal for this application.

  6. Choose the supported account types. For most scenarios, you can select "Accounts in this organizational directory only" unless you have specific requirements for multi-tenant support.

  7. In the "Redirect URI (optional)" section, specify the redirect URI where users will be sent after signing in. For testing purposes, you can use "https://localhost" for web applications or leave it blank for non-web applications.

  8. Click on the "Register" button to create the application.

Obtaining Client ID and Client Secret

  1. After the application is created, you'll be redirected to the application overview page.

  2. Note down the "Application (client) ID" and "Directory (tenant) ID".

  3. To create a client secret, click on "Certificates & secrets" in the left-hand navigation pane under "Manage."

  4. Under the "Client secrets" section, click on "+ New client secret."

  5. Enter a description for the secret and choose the expiration duration (or select "Never" to make it non-expiring).

  6. Click on the "Add" button, and the client secret value will be displayed. Make sure to copy and securely store this value as it will not be displayed again.

  7. The last required parameter is the Subscription ID. In the top search bar, Search for Subscriptions and copy the Subscription ID of the relevant subscription.

Note that at the end of these steps you should hold the following values:

  • Application (client) ID

  • Directory (tenant) ID

  • Client Secret

  • Subscription ID

Granting the Azure application API permissions

  1. In the Microsoft Azure Portal, go to Subscriptions.

  2. Click the applicable subscription.

  3. In the Overview page of the chosen subscription, click on Access Control (IAM) and click on Add.

  4. Click on Add role assignment

  5. In the Role drop-down choose Reader.

  6. In the Assign access drop-down, select Azure AD user, group, or service principal

  7. In the Select drop-down, select your Azure Application

  8. Click on Save.

Review the API permissions at:

Azure active directory > App Registrations > select your client application > API Permissions.

Example:

Configuring the Azure Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Azure icon.

  4. Set up the Connector as follows:

    • Enter the Tenant ID, Client ID, and Client Secret (Service principal password) you obtained earlier.

  5. Click on Load Subscription and select the relevant Azure subscriptions.

  6. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Azure instance, then click Create (or Save Changes).

  7. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  8. Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.

  9. To confirm the sync is complete, navigate to the Connectors page. Once the Azure icon shows Connected, the sync is complete.

Azure in the Vulcan Platform

Viewing Azure assets in the Vulcan Platform

To view assets by Connector/Source:

  1. Go to the Assets page.

  2. Click on the relevant asset type tab.

  3. Use the Search or filter input box to select Connector from the drop-down selection.

  4. Select Azure from the Asset source/Connector list to filter results and view all synced assets.
    See the complete list of available asset filters per asset type

From Azure to the Vulcan Platform - Data Mapping

The Vulcan Platform integrates with Azure through API to pull relevant cloud assets data and map it into the Vulcan Platform pages and fields.

Hosts field mapping

Azure field

Vulcan field

properties.vmId

Uniqueness criteria

name

Asset Name

`Vm ID`: properties.vmId

`Subscription ID`: subscription_id

Asset details

Hosts

Asset type

network_interface.data.properties.ipConfigurations.properties.privateIPAddress

`publicIps.data.properties.ipAddress

IP

properties.storageProfile.osDisk.osType

OS

instance_view.data.osName

OS Version

If the status "ProvisioningState" exists, the time stamp of this status is retrieved. If not, the time stamp of the status "instance_view.data.statuses" is retrieved instead.

Created date

network_interface.data.properties.ipConfigurations

Multiple mac addresses

tags

Asset Tags - Vendor’s tags

subscription_id

Asset Tags - Additional

Status Update Mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any added).

The table below lists how the status update mechanism works in the Azure connector for the ingested assets in the Vulcan Platform.

Update type

Mechanism

Archiving Assets

- An asset not found on the connector's last sync

- By X days according to "Last seen". If the Asset hasn’t been seen for X days.

- By asset status. If the asset on Azure changes status to one of the following:
"Stopping", "stopped", "deallocating", "deallocated", "VM deallocated".

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).

API Endpoints in Use

API version: 2021-04-01, 2021-03-01, 2020-11-01

API URL: https://management.azure.com

API

Use in Vulcan

https://login.microsoftonline.com/{{ tenant_id }}/oauth2/token

Authentication

https://management.azure.com/subscriptions/{{ subscription_id }}/resourcegroups?api-version=2021-04-01

Resource groups

https://management.azure.com/subscriptions/{{ subscription_id }}/resourceGroups/{{ group_name }}/providers/Microsoft.Compute/virtualMachines?api-version=2021-03-01

Virtual Machines

https://management.azure.com/subscriptions/{{ subscription_id }}/resourceGroups/{{ group_id }}/providers/Microsoft.Network/networkInterfaces/{{ network_interface_id }}?api-version=2020-11-01

Network interfaces - Private IPS, MAC

https://management.azure.com/subscriptions/{{ subscription_id }}/resourceGroups/{{ group_id }}/providers/Microsoft.Network/publicIPAddresses/{{ public_ip_id }}?api-version=2020-11-01

Public IPS

https://management.azure.com/subscriptions/{{ subscription_id }}/resourceGroups/{{ group_id }}/providers/Microsoft.Compute/virtualMachines/{{ vm_id }}/instanceView?api-version=2021-03-01

Virtual Machine Details

Data Validation

The purpose of this "Data Validation" section is to provide a clear understanding of how data and assets from Azure appear in the Vulcan Platform.

Validate Hosts

On Azure VM you can find the list of VMs that are ingested into the Vulcan Platform.

Example:

The same number of assets should also appear on the Vulcan Platform under Assets > Hosts, filtered by Azure connector.

Example:


Related Articles
Microsoft Azure Connector (previous revision)
Microsoft Defender for Cloud Connector (previous revision)
WhiteHat Connector (new revision)
Microsoft Defender Vulnerability Management Connector
Microsoft Defender for Cloud Connector (new revision)
Did this answer your question?