Integrating with Azure Cloud for attack surface management provides a comprehensive view and control over the assets within your Azure environment. Enhanced asset management capabilities ensure continuous monitoring, leaving no part of your attack surface unmanaged, thereby minimizing the risk of security incidents and improving overall system resilience.

Setting up the Azure Cloud integration is a streamlined process that facilitates seamless communication between Chariot and Azure. Our walkthrough below will guide you through the integration process.

You're going to be registering an application ("Chariot Integration," or similar) in Azure. During this process you will get the Application ID, Directory ID, and a New Client Secret. You'll then set the appropriate permissions and add the appropriate information to Chariot to complete the integration.  

In your Azure Portal, navigate to the App Registrations section. On your Azure portal home page, you may see an icon under Azure Services, or you can search "App registrations" and navigate to the appropriate page. 

On the Azure App registrations page, click New registration.

In the Register an application section, you can name the integration. There is no need to modify anything else on this page. Click Register.

Once registered in Azure, you will be able to see the Application ID and Directory ID. Copy these--they will be needed in Chariot during our final steps in the integration process.

Still in Azure, click Add a certificate or secret to generate a secret for the App Registration.

Click + New client secret:

Take note of the generated secret. Like the Application ID and Directory ID, you will need the Secret Value in Chariot later.

NOTE: ensure you collect the Value rather than the Secret ID--you will not need the Secret ID.

Within the Azure Subscriptions page, for each subscription you wish Chariot to scan, create a Role Assignment that grants the Reader role to the Chariot application. Reader is read-only, so the integration can enumerate assets without being able to change anything in the subscription.

To create this role assignment click on the subscription you want Chariot to scan.

On the left-hand side of the subscription page, select Access control (IAM).

Click Add, then Add role assignment.

Select the Reader role. Click Next.

Click + Select members. Use the search bar to find the application name you registered ("Chariot Integration", in this example).

Click Review + assign to complete the role assignment for Chariot.

Repeat the above steps for each subscription you wish to integrate with Chariot.
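The Azure-side steps above (register the app, create a client secret, grant Reader on each subscription) can also be done from the Azure CLI. The script below is an added example written for this page, not Praetorian's or Microsoft's code; it assumes `az` is installed and logged in, and the application name and subscription IDs are placeholders you replace. With DRY_RUN=1 it prints each command instead of running it, so the plan can be reviewed before anything is created. The final function lists the role assignments the app actually received on a subscription, which is the check to run after the walkthrough to confirm the app holds Reader and nothing broader.

```shell
# Added example (not from the original page): Azure CLI equivalent of the portal walkthrough.
# Assumptions: `az` is installed and logged in; APP_NAME and the subscription IDs are placeholders.
# DRY_RUN=1 prints each command instead of executing it.
set -eu

APP_NAME="${APP_NAME:-Chariot Integration}"   # placeholder name, matches the walkthrough
DRY_RUN="${DRY_RUN:-0}"

# Execute a command, or just print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Register the application; prints the Application (client) ID.
register_app() {
  run az ad app create --display-name "$APP_NAME" --query appId -o tsv
}

# Create the service principal that role assignments are granted to.
create_service_principal() {
  app_id="$1"
  run az ad sp create --id "$app_id" --query id -o tsv
}

# Create a client secret. What is printed is the secret Value (the one Chariot needs),
# not the Secret ID. A one-year lifetime keeps the credential from living indefinitely.
create_client_secret() {
  app_id="$1"
  run az ad app credential reset --id "$app_id" --append --display-name "chariot" --years 1 --query password -o tsv
}

# Grant Reader scoped to a single subscription (not the tenant root or a management group).
assign_reader() {
  app_id="$1"
  subscription_id="$2"
  run az role assignment create --assignee "$app_id" --role Reader --scope "/subscriptions/$subscription_id"
}

# Verification: the roles the app holds on this subscription. Expect exactly one line: Reader.
show_assignments() {
  app_id="$1"
  subscription_id="$2"
  run az role assignment list --assignee "$app_id" --scope "/subscriptions/$subscription_id" --query "[].roleDefinitionName" -o tsv
}

# The Directory (tenant) ID that Chariot asks for as Tenant ID.
tenant_id() {
  run az account show --query tenantId -o tsv
}

# Usage: sh chariot-azure.sh --run <subscription-id> [<subscription-id> ...]
if [ "${1:-}" = "--run" ]; then
  shift
  APP_ID="$(register_app)"
  create_service_principal "$APP_ID" >/dev/null
  SECRET="$(create_client_secret "$APP_ID")"
  for SUB in "$@"; do
    assign_reader "$APP_ID" "$SUB"
    show_assignments "$APP_ID" "$SUB"
  done
  # Treat the secret Value as a credential: paste it into Chariot, then clear your terminal history.
  printf 'Application ID: %s\nTenant ID: %s\nSecret Value: %s\n' "$APP_ID" "$(tenant_id)" "$SECRET"
fi
```

Run `DRY_RUN=1 sh chariot-azure.sh --run <subscription-id>` first to see every command that would be issued; the Reader assignment is made per subscription, so the scope is always `/subscriptions/<id>`, matching the per-subscription repetition in the portal steps.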

Navigate to the Integrations page. On the right hand side of the page, there is an Add Integrations button.

On the integrations menu, you can use the search bar to find Amazon Web Services, or you can choose the Cloud Service Providers category to find Amazon Web Services.

Click Connect:

Paste in the Application ID, Application Secret (the secret Value), and Tenant ID (the Directory ID copied earlier; Azure labels it "Directory (tenant) ID") and click Finish.

Chariot will now regularly ingest assets from your Azure environment for risk detection.

We hope this documentation has been helpful. If you find a topic that you would like discussed in detail, or need further assistance, please let us know at support@praetorian.com!