Last updated at Wed, 08 Nov 2023 14:00:00 GMT

By: Fuzzy Borders

Are you having trouble getting your Azure assets into your InsightVM Security Console? In this blog post, we want to bring additional insight into leveraging the Azure Discovery Connection with InsightVM.

This blog post is brought to you by the Fuzzy Borders project, whose members come from different teams across Rapid7. Our goal is to find answers for requests that may fall into gray (fuzzy) areas. Our past work includes sample API calls and SQL queries for InsightVM Security Consoles.

We hope this blog will help you get started with assessing your Azure virtual machines in InsightVM.

There are 3 main areas of configuration: Azure Application Registration, Subscriptions, and InsightVM Discovery Connection configuration.

Here is the overview of the steps:

Azure Configuration

  1. Application Registration
  2. API Permissions
  3. Generate and Save the Secret Value
  4. IAM role permissions (Subscriptions tab)
  5. Attach the Reader role to the Application Registration

InsightVM Discovery Connection Configuration
Prerequisite: allow outbound traffic to Azure from the InsightVM console server.

  1. Create a new site for Azure assets*
  2. Create the Azure Discovery Connection
  3. Enter the Azure Tenant ID, Application ID, and Application Secret certificate Value

*The Azure Site should be dedicated to this discovery connection only.

Please keep note of the following items:

Application ID

Directory ID (a.k.a. Tenant ID)

Value of the certificate secret

Configure Azure

We need to establish trust between Rapid7 and Azure. Click on "App registrations"

Click: New registration

Enter a display name for the application and click Register at the bottom. In this example we use "FuzzyDiscovery".

We keep the defaults. Once you click Register, it will return the Application ID and Directory ID (a.k.a. Tenant ID) that will be required in later steps.

Tip:
Either take a screenshot or copy and paste both the Application ID and Directory ID to a secure location to reference later.

Generate and Save the Secret Value

Click Certificates & secrets, click: Client secrets, and add a New client secret

Important Note: We require the generated Secret Certificate Value, not the Secret ID.

Configure API Permissions

Click on "Add a permission", search for and select "Directory.Read.All", and click Grant and Consent


Subscription Access

Click Home, then click Subscriptions, to set up our IAM role.

On the Subscription page, click "Access control (IAM)", and click Add role assignment under "Grant access to this resource"

Select the Reader role

Enter the member created earlier (e.g. FuzzyDiscovery)
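For readers who prefer to script the Azure side, the following is an added example (not code from this post or from Rapid7) that performs the five Azure configuration steps above with the Azure CLI instead of the portal. It assumes the Azure CLI is installed and `az login` has been run by an account that can create app registrations, grant admin consent and assign roles; `APP_NAME` and `SUBSCRIPTION_ID` are placeholders to adjust. The Microsoft Graph application ID and the application-type `Directory.Read.All` permission ID are the well-known Microsoft values; confirm them under API permissions in your tenant before relying on them. `DRY_RUN=1` prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not Rapid7's code: Azure CLI equivalents of the portal steps
# (app registration, API permission, client secret, Reader role assignment).
set -eu

APP_NAME="${APP_NAME:-FuzzyDiscovery}"                                      # display name from the post
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"   # placeholder, replace

# Well-known Microsoft Graph identifiers (assumed; verify in the portal).
GRAPH_API_ID="00000003-0000-0000-c000-000000000000"
DIRECTORY_READ_ALL="7ab1d382-f21e-4acd-a863-ba3e13f7da61"   # Directory.Read.All (application)

# az wrapper: with DRY_RUN=1 the command is written to stderr and a stand-in
# value is returned on stdout, so the flow can be reviewed without a tenant.
az_cmd() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf 'az %s\n' "$*" >&2
    printf 'dry-run-value\n'
  else
    az "$@"
  fi
}

provision_fuzzy_discovery() {
  # 1. Application registration; appId is the "Application ID" InsightVM asks for.
  app_id=$(az_cmd ad app create --display-name "$APP_NAME" --query appId -o tsv)
  tenant_id=$(az_cmd account show --query tenantId -o tsv)   # Directory ID (a.k.a. Tenant ID)

  # A service principal is what the role assignment attaches to.
  sp_object_id=$(az_cmd ad sp create --id "$app_id" --query id -o tsv)

  # 2. API permission Directory.Read.All on Microsoft Graph, then admin consent.
  az_cmd ad app permission add --id "$app_id" --api "$GRAPH_API_ID" \
    --api-permissions "${DIRECTORY_READ_ALL}=Role" >/dev/null
  az_cmd ad app permission admin-consent --id "$app_id" >/dev/null

  # 3. Client secret: only the secret *value* is usable and it is shown once,
  #    so it is returned to the caller instead of being written to disk here.
  secret_value=$(az_cmd ad app credential reset --id "$app_id" --append \
    --years 1 --query password -o tsv)

  # 4/5. Reader role scoped to the single subscription (least privilege for discovery).
  az_cmd role assignment create --assignee-object-id "$sp_object_id" \
    --assignee-principal-type ServicePrincipal --role Reader \
    --scope "/subscriptions/${SUBSCRIPTION_ID}" >/dev/null

  # The three values the InsightVM discovery connection form needs.
  printf 'TENANT_ID=%s\nAPPLICATION_ID=%s\nSECRET_VALUE=%s\n' \
    "$tenant_id" "$app_id" "$secret_value"
}

# Post-check a defender can run later: number of Reader assignments the app
# holds on the subscription (expect 1; anything broader than Reader is a finding).
reader_role_count() {
  az_cmd role assignment list --assignee "$1" \
    --scope "/subscriptions/${SUBSCRIPTION_ID}" \
    --query "length([?roleDefinitionName=='Reader'])" -o tsv
}

if [ "${RUN_PROVISION:-0}" = "1" ]; then
  provision_fuzzy_discovery
fi
```

Run it as `DRY_RUN=1 RUN_PROVISION=1 sh provision.sh` first to read the exact commands, then without `DRY_RUN` to apply them; the printed `SECRET_VALUE` is the "Value" the post tells you to store securely, and it cannot be retrieved again afterwards.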

Configure the Console
Prerequisite: allow outbound access to Azure http://docs.domestictunerz.com/nexpose/creating-and-managing-dynamic-discovery-connections/#preparing-insightvm

Create a dedicated new Site as a Destination for your Azure assets http://docs.domestictunerz.com/nexpose/creating-and-managing-dynamic-discovery-connections/#adding-a-microsoft-azure-connection

Create the Azure Discovery Connection

Navigate to Administration and click: Discovery Connections

From the Azure Application Registration, fill out:

Tenant ID
Application ID

Application Secret Certificate Value previously generated in Azure

Please note: If the secret was not saved previously, a new secret will have to be generated, and the previously generated secret can be revoked.

Troubleshooting tip:

In the InsightVM console logs, review eso.log for any errors and provide the logs to Support via a case.