Integrating with Azure Cloud for attack surface management provides a comprehensive view and control over the Assets within your Azure environment. Enhanced Asset management capabilities ensure continuous monitoring, leaving no part of your attack surface unmanaged, thereby minimizing the risk of security incidents and improving overall system resilience.
Setting up the Azure Cloud integration is a streamlined process that facilitates seamless communication between Chariot and Azure. Our walkthrough below will guide you through the integration process.
You will register an application (Chariot), collect its Application ID, Directory ID, and a new client secret, then set the appropriate permissions and enter that information in Chariot to complete the integration.
In your Azure Portal, navigate to Entra ID.
First, in the Azure Default Directory Overview, you will be able to add an application. This application will have default directory access. You can name the application as you see fit and register it. Once it is registered in Azure, you will be able to see the Application ID and Directory ID (Azure labels these "Application (client) ID" and "Directory (tenant) ID"; Chariot's integration form refers to the latter as the Tenant ID). Copy these; they will be needed in Chariot during the final steps of the integration process.
Still in Azure, you will need to add a certificate or secret to generate a client secret for the App Registration. Take note of the generated secret: as with the Application ID and Directory ID, you will need the secret Value in Chariot later. Azure displays the Value only once, immediately after creation, so copy it at that point. NOTE: ensure you are collecting the Value rather than the Secret ID; Chariot does not use the Secret ID.
On the Azure Subscriptions page, for each subscription you wish Chariot to scan, create a Role Assignment that grants the Reader role to the App Registration. Click the subscription, select Access control (IAM) > Add > Add role assignment, choose the Reader role, and add "Chariot" (the App Registration you created in the previous step, within your own Azure account) as a member. NOTE: you may have to type "Chariot" in full for it to appear in the member search.
Click Review + assign to complete the role assignment for Chariot.
Repeat the above steps for each subscription you wish to integrate with Chariot.
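The same three steps (register the app and mint a secret, grant Reader on each subscription, then confirm nothing beyond Reader was granted) can be scripted with the Azure CLI. The script below is an added example and is not part of Praetorian's documentation or Chariot's own tooling; it assumes the `az` CLI is installed and logged in with rights to create app registrations and role assignments, and the application display name `Chariot` and the `APP_NAME` variable are assumptions you can change. The audit step is an extra check not described above: it lists the assignments the app holds on each subscription and flags anything other than Reader, which is the least-privilege grant the walkthrough intends.

```shell
#!/usr/bin/env bash
# Added example (not Chariot's own code): Azure CLI equivalent of the portal
# walkthrough. Requires `az` and an authenticated session with permission to
# create app registrations and subscription-level role assignments.
set -euo pipefail

APP_NAME="${APP_NAME:-Chariot}"   # assumed display name, as in the walkthrough

# Build the ARM scope string for a subscription-level role assignment.
subscription_scope() {
  printf '/subscriptions/%s' "$1"
}

# Read `az role assignment list -o json` on stdin and print the distinct role
# names it contains, one per line (grep/sed so jq is not required).
roles_in_assignments() {
  grep -o '"roleDefinitionName": *"[^"]*"' | sed 's/.*: *"\(.*\)"/\1/' | sort -u
}

# Succeed only when Reader is the sole role present (least privilege for scanning).
reader_only() {
  local roles
  roles="$(roles_in_assignments)"
  [ "$roles" = "Reader" ]
}

# Steps 1-2: register the app, create its service principal, mint a client
# secret. The secret value is shown once; paste it into Chariot, do not log it.
register_app() {
  local app_id tenant_id
  app_id="$(az ad app create --display-name "$APP_NAME" --query appId -o tsv)"
  az ad sp create --id "$app_id" >/dev/null
  tenant_id="$(az account show --query tenantId -o tsv)"
  echo "Application (client) ID: $app_id"
  echo "Directory (tenant) ID:   $tenant_id"
  echo "Client secret value (copy now; it is not shown again):"
  az ad app credential reset --id "$app_id" --query password -o tsv
}

# Step 3: grant Reader on every subscription ID given after the app ID.
assign_reader() {
  local app_id="$1"; shift
  local sub
  for sub in "$@"; do
    az role assignment create --assignee "$app_id" --role Reader \
      --scope "$(subscription_scope "$sub")" >/dev/null
    echo "Reader granted on $(subscription_scope "$sub")"
  done
}

# Check: for each subscription, fail if the app holds any role beyond Reader.
audit_app_roles() {
  local app_id="$1"; shift
  local sub rc=0
  for sub in "$@"; do
    if az role assignment list --assignee "$app_id" \
         --scope "$(subscription_scope "$sub")" -o json | reader_only; then
      echo "OK: $app_id holds only Reader on $sub"
    else
      echo "WARNING: $app_id holds roles beyond Reader on $sub; review IAM" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Usage: ./chariot-azure.sh register
#        ./chariot-azure.sh assign <appId> <subscriptionId> [<subscriptionId> ...]
#        ./chariot-azure.sh audit  <appId> <subscriptionId> [<subscriptionId> ...]
case "${1:-}" in
  register) register_app ;;
  assign)   shift; assign_reader "$@" ;;
  audit)    shift; audit_app_roles "$@" ;;
esac
```

Run `register` first and copy the three printed values into Chariot exactly as the walkthrough describes, then `assign` with the app ID and every subscription Chariot should scan; `audit` is worth re-running periodically, since a later operator can widen the grant in the portal without anyone noticing.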
Now, navigate to Chariot's Azure integration, paste in the Application ID, Application Secret (the secret Value), and Tenant ID (the Directory ID) noted earlier, and click Add.
Chariot will now regularly ingest assets from your Azure environment for risk detection.
We hope this documentation has been helpful. If you find a topic that you would like discussed in detail, or need further assistance, please let us know at support@praetorian.com!