By: fuzzy borders
Are you having trouble trying to get your Azure assets into your InsightVM security console? In this blog post, we wanted to bring additional insight into leveraging the Azure Discovery Connection with InsightVM.
This blog post is brought to you by the Fuzzy Borders project, whose members come from different teams across Rapid7. Our goal is to find answers for requests that may fall into gray (fuzzy) areas. Our past work includes example API calls and SQL queries for InsightVM Security Consoles.
We hope this blog will help you get started with assessing your Azure virtual machines in InsightVM.
There are 3 main areas of configuration: Azure App Registration, IAM Subscription, and InsightVM Discovery Connection configuration.
Here is the overview of the steps:
Azure Configuration
App RegistrationAPI PermissionsGenerate and Save the Secret ValueIAM role permissions (Subscriptions Tab)Attach Reader role to App RegistrationInsightVM Discovery Connection ConfigurationPrerequisite: Allow outbound traffic to Azure from the InsightVM console server.
Create a new site for Azure assets*Create Azure Discovery ConnectionEnter Azure Tenant ID, Application ID, Application Secret certificate Value*The Azure Site should be dedicated to this discovery connection only.
Please keep note of the following items:
Application ID
Directory ID (a.k.a Tenant ID)
Value for the certificate Secret.
Configure Azure
App RegistrationWe need to establish trust between Rapid7 and Azure. ..
Support the originator by clicking the read the rest link below.