Skip to main content

AQUILA CSPM - Azure Integration

This manual explains how to get started monitoring the security posture of your Azure CSP using the Cloud Security Posture Management (CSPM) feature.

Requirements

  • The user who gives the CSPM integration permissions in Azure must be an Azure subscription admin.

Setup

Option 1: Service principal with client secret   (recommended)

Before using this method, you must have set up a Microsoft Entra application and service principal that can access resources. Please go here before following the steps below.

  1. The following information is required.
    1. Directory (tenant) ID and Application (client) ID
        • To get these values:
            • Go to the Registered apps section of Microsoft Entra ID.
            • Click on New Registration, name your app and click Register.
            • Copy your new app’s Directory (tenant) ID and Application (client) ID
    2. Client Secret
        • In Azure portal, select Certificates & secrets, then go to the Client secrets tab. Click New client secret.
        • Copy the new secret.
  2. Return to Azure. Go to your Azure subscription list and select the subscription or management group you want to monitor with CSPM.
  3. Go to Access control (IAM) and select Add Role Assignment.
  4. Select the Reader function role, assign access to User, group, or service principal, and select your new app.

Option 2: Managed identity (optional)

This method involves creating an

Azure VM (or using an existing one), giving it read accessHow to the resources you wantintegrate to monitorAQUILA withCSPM CSPM,Module

and
Pre-requisites
  1. Access to CyTech - AQUILA

    • Only users assigned the installing"Owner" or "Admin" role can access the Log Collector oninstallation resources within the Azure VM.platform.

      1. Go to the Azure portal to create a new Azure VM.
      2. Follow
    the setup process, and make sure you enable System assigned managed identity under the Management tab.
  2. Go to your Azure subscription list and select the subscription or management group you want to monitor with CSPM.
  3. Go to Access control (IAM) and select Add Role Assignment.
  4. Select the Reader role, assign access to Managed Identity, then select your VM.

To navigate to CSPM Module please follow the instructions below:

Step 1: Log in to CyTech - AQUILA. Click here --> AQUILACYBER.ai
Step 2: Click on Cyber Monitoring.

image.png

Step 3: Choose Cloud Security Posture Management (CSPM).

image.png

Step 4: Click the "Let's Go" or "Onboard CSPM" icon to launch installation window.

image.png

Step 5: Click "Let's go" to start the integration process.

image.png

Step 6: Choose your log collector. If you haven't installed a log collector yet choose "New Log Collector" click here --> Log Collector Installation. If you have already have an existing log collector choose "Current Log Collector" and click "Next".

image.png

Step 7: Click "Next" if the requirements are met.

image.png

Step 8: Choose your current log collector. This will collect the logs coming from your log sources.

image.png

Step 9: Choose Azure and click "Next" to proceed.

image.png

Step 10: Input all the required credentials from the previous Azure configurations and click "Next" to initiate the integration process. Wait for couple of minutes until a success window shows up.

image.png

Please refer to this manual for the full guidelines of our CSPM Module. click here--> CyTech - AQUILA CSPM Manual 

         If you need further assistance, kindly contact our support at support@cytechint.com for prompt assistance and guidance.

Back to top