If you're having trouble at any stage please contact us at support@skyformation.com.
Preface
The goal of this guide is to add a new SkyFormation Azure Cloud App Connector to your SkyFormation Platform.
Prerequisites
- Create Azure app for the SkyFormation app integration.
To complete this prerequisite, follow the steps detailed at: Create Azure AD Application for the SkyFormation Azure Connector
Starting from release 2.4.108, two authentication methods are available:
1) oauth2
2) certificate
For oauth2, you need to provide: client-id and client-secret.
For certificate, you need to provide: client-id, private key and certificate.
- Have the following information available:
* Azure tenant ID
* Client ID (of the SkyFormation app created in Azure)
* Secret ID (of the SkyFormation app created in Azure) - only if you chose oauth2 authentication
* Certificate - only if you chose certificate authentication
* Private key - only if you chose certificate authentication
Domains and URLs That Must Be Reachable from the SkyFormation Machine
- Cloud - Azure AD (global service)
- https://graph.microsoft.com
- http://go.microsoft.com
- https://*.core.windows.net
- https://management.azure.com
- https://management.core.windows.net:8443
- https://*.database.windows.net
- https://gallery.azure.com
- https://login.microsoftonline.com
- https://graph.windows.net
- https://datalake.azure.net
- https://*.vault.azure.net
- https://*.azuredatalakestore.net
- https://*.azuredatalakeanalytics.net
- https://api.loganalytics.io
- https://api.applicationinsights.io
- Cloud - Azure AD China operated by 21Vianet
- https://microsoftgraph.chinacloudapi.cn
- http://go.microsoft.com
- https://management.chinacloudapi.cn
- https://management.core.chinacloudapi.cn:8443
- https://*.database.chinacloudapi.cn
- https://gallery.chinacloudapi.cn
- https://login.chinacloudapi.cn
- https://graph.chinacloudapi.cn
- https://*.core.chinacloudapi.cn
- https://*.vault.azure.cn
- Cloud - Azure AD Germany
- https://graph.microsoft.de
- http://portal.microsoftazure.de
- https://manage.microsoftazure.de
- https://*.core.cloudapi.de
- https://management.core.cloudapi.de:8443
- https://*.database.cloudapi.de
- https://gallery.cloudapi.de
- https://login.microsoftonline.de
- https://graph.cloudapi.de
- https://*.vault.microsoftazure.de
- Cloud - Azure AD for US Government
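When translating the global-cloud list above into outbound firewall rules, wildcard entries should match only on a label boundary and port 8443 should be opened only for the one host that lists it. The following is an added example, not SkyFormation code; the function names are hypothetical, and it assumes the scheme's default port (443 for https, 80 for http) where an entry gives none.

```python
import socket
from urllib.parse import urlsplit

# Global-cloud entries copied from the list above.
GLOBAL_URLS = """
https://graph.microsoft.com http://go.microsoft.com
https://*.core.windows.net https://management.azure.com
https://management.core.windows.net:8443 https://*.database.windows.net
https://gallery.azure.com https://login.microsoftonline.com
https://graph.windows.net https://datalake.azure.net
https://*.vault.azure.net https://*.azuredatalakestore.net
https://*.azuredatalakeanalytics.net https://api.loganalytics.io
https://api.applicationinsights.io
""".split()

def to_rule(url):
    """Turn one list entry into a (host_pattern, port) allowlist rule."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or (443 if parts.scheme == "https" else 80)

RULES = [to_rule(u) for u in GLOBAL_URLS]

def is_allowed(host, port, rules=RULES):
    """True if an outbound connection to host:port is covered by the list."""
    host = host.lower().rstrip(".")
    for pattern, rule_port in rules:
        if port != rule_port:
            continue
        # "*.x" matches on a label boundary only: "a.x" passes, "evilx" and "x" do not.
        if pattern.startswith("*.") and host.endswith(pattern[1:]) and len(host) > len(pattern) - 1:
            return True
        if host == pattern:
            return True
    return False

def unreachable(rules=RULES, timeout=5.0):
    """TCP-connect to every non-wildcard entry and return the ones that fail."""
    failed = []
    for host, port in rules:
        if host.startswith("*."):
            continue  # a wildcard has no single host to probe
        try:
            socket.create_connection((host, port), timeout=timeout).close()
        except OSError:
            failed.append((host, port))
    return failed

if __name__ == "__main__":
    for host, port in unreachable():
        print(f"not reachable from this machine: {host}:{port}")
```

Run it on the SkyFormation machine to list the fixed endpoints that the current egress rules block; wildcard entries have to be verified against the firewall configuration itself.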
Steps
1. Log on to your SkyFormation Platform:
2. Navigate via the left navigation panel to the "Settings" section
3. Navigate via the New Settings left navigation panel to the "Accounts" section
4. Click the "Add Account" button
5. At "SELECT SERVICE TO ADD", choose "Azure Microsoft"
You will see the below screen:
5. Fill in the following information:
- Account Name
Give this Azure connector a name that is meaningful to you. This becomes the cloud app
connector name displayed in the application and in the events sent to external systems
such as a SIEM/log management system.
e.g. "Corp Azure staging cloud"
- Description
Add any text that describes the cloud app connector.
e.g. "This is our corporate Azure cloud environment for staging"
- Authentication Method
Starting from release 2.4.108, this can be either oauth2 or certificate
- Client-id
The client ID of the SkyFormation app generated in the prerequisites
e.g. 4e11ab22-6d1c-5077-9d73-f7776d3851e8
- Client-Secret
The client secret of the SkyFormation app generated in the prerequisites. Required only if your authentication method is "oauth2".
e.g. W17FnTeyRWUasdTGBdVeB+A3kASDaYUH0lre+MzuxRT=
- Certificate
The content of the certificate file from the prerequisites section. Required only if your authentication method is "certificate".
e.g:
-----BEGIN CERTIFICATE-----
*****************
*****************
*****************
.....
-----END CERTIFICATE-----
- Private Key
The content of the private key file from the prerequisites section. Required only if your authentication method is "certificate".
e.g:
-----BEGIN PRIVATE KEY-----
**************
**************
**************
.....
-----END PRIVATE KEY-----
- Tenant-id
The Azure tenant ID you obtained in the prerequisites
e.g. 3d70c501-bb21-1122-9330-c4a25e252086
- Cloud (supports Azure National Clouds)
WARNING: This field should only be changed from its default "Azure AD (global service)"
if your Azure is one of the Azure National Clouds:
China, Germany, US Government.
To set the Azure National Cloud in use, choose it from the dropdown list:
6. Click the "SAVE" button
7. Make sure the "STATUS" of the new Azure connector in the table is OK and green.
Optional
8. To add an EventHub endpoint to your Azure connector please follow the steps described at:
How to Configure Azure EventHub endpoint in an existing Azure connector
DONE
Next Steps
Now you are ready to configure the events that will be sent to your SIEM/Splunk and the SkyFormation console for the SkyFormation Azure connector you just added.
To learn more go to: How to: Configure A Cloud App Connector To Send Events To SIEM