
CSPM for Azure Integration

This manual explains how to get started monitoring the security posture of your Azure assets using the Cloud Security Posture Management (CSPM) feature.

Requirements

  • CSPM only works in the Default Kibana space. Installing the CSPM integration on a different Kibana space will not work.
  • CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported.
  • To view posture data, you need read privileges for the following Elasticsearch indices:
    • logs-cloud_security_posture.findings_latest-*
    • logs-cloud_security_posture.scores-*
    • logs-cloud_security_posture.findings
  • The user who gives the CSPM integration permissions in Azure must be an Azure subscription admin.

Setup

Option 1: Service principal with client secret (recommended)

Before using this method, you must have set up a Microsoft Entra application and service principal that can access resources.

  1. The following information is required.
    1. Directory (tenant) ID and Application (client) ID
      1. To get these values:
        1. Go to the Registered apps section of Microsoft Entra ID.
        2. Click on New Registration, name your app and click Register.
        3. Copy your new app’s Directory (tenant) ID and Application (client) ID.
    2. Client Secret
      1. In Azure portal, select Certificates & secrets, then go to the Client secrets tab. Click New client secret.
      2. Copy the new secret.
  2. Return to Azure. Go to your Azure subscription list and select the subscription or management group you want to monitor with CSPM.
  3. Go to Access control (IAM) and select Add Role Assignment.
  4. Select the Reader function role, assign access to User, group, or service principal, and select your new app.

Option 2: Managed identity (optional)

This method involves creating an Azure VM (or using an existing one), giving it read access to the resources you want to monitor with CSPM, and installing Elastic Agent on the Azure VM.

  1. Go to the Azure portal to create a new Azure VM.
  2. Follow the setup process, and make sure you enable System assigned managed identity under the Management tab.
  3. Go to your Azure subscription list and select the subscription or management group you want to monitor with CSPM.
  4. Go to Access control (IAM) and select Add Role Assignment.
  5. Select the Reader role, assign access to Managed Identity, then select your VM.

After assigning the role:

  1. Return to the Add CSPM page in Kibana.
  2. Under Configure integration, select Azure. Under Setup access, select Manual.
  3. Under Where to add this integration, select New hosts.
  4. Click Save and continue, then follow the instructions to install Elastic Agent on your Azure VM.

Wait for the confirmation that Kibana received data from your new integration. Then you can click View Assets to see your data.

Option 2: Service principal with client secret

Before using this method, you must have set up a Microsoft Entra application and service principal that can access resources.

  1. On the Add Cloud Security Posture Management (CSPM) integration page, scroll to the Setup access section, then select Manual.
  2. Under Preferred manual method, select Service principal with Client Secret.
  3. Go to the Registered apps section of Microsoft Entra ID.
  4. Click on New Registration, name your app and click Register.
  5. Copy your new app’s Directory (tenant) ID and Application (client) ID. Paste them into the corresponding fields in Kibana.
  6. Return to the Azure portal. Select Certificates & secrets, then go to the Client secrets tab. Click New client secret.
  7. Copy the new secret. Paste it into the corresponding field in Kibana.
  8. Return to Azure. Go to your Azure subscription list and select the subscription or management group you want to monitor with CSPM.
  9. Go to Access control (IAM) and select Add Role Assignment.
  10. Select the Reader function role, assign access to User, group, or service principal, and select your new app.
  11. Return to the Add CSPM page in Kibana.
  12. Under Where to add this integration, select New hosts.
  13. Click Save and continue, then follow the instructions to install Elastic Agent on your selected host.

Wait for the confirmation that Kibana received data from your new integration. Then you can click View Assets to see your data.
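
Both setup methods end by granting the Reader role at a subscription or management group, so it is worth confirming afterwards that the CSPM identity holds nothing more. The following is an added example, not part of the original guide or of Elastic's code: it assumes the input is the JSON list returned by az role assignment list --assignee <app-or-principal-id> --all --output json, and the function name and sample IDs are hypothetical.

```python
import re

# Scope shapes the guide has you choose: a subscription or a management group.
SUBSCRIPTION = re.compile(r"^/subscriptions/[0-9a-f-]{36}$", re.I)
MGMT_GROUP = re.compile(r"^/providers/Microsoft\.Management/managementGroups/[^/]+$", re.I)


def audit_cspm_assignments(assignments, expected_scopes):
    """Return findings; an empty list means Reader only, at exactly the expected scopes."""
    expected = {s.lower() for s in expected_scopes}  # Azure scope IDs are case-insensitive
    covered, findings = set(), []
    for a in assignments:
        role, scope = a.get("roleDefinitionName", ""), a.get("scope", "")
        if role != "Reader":
            findings.append(f"excess role {role!r} at {scope}")
        elif not (SUBSCRIPTION.match(scope) or MGMT_GROUP.match(scope)):
            findings.append(f"Reader at unexpected scope type {scope}")
        elif scope.lower() not in expected:
            findings.append(f"Reader at unplanned scope {scope}")
        else:
            covered.add(scope.lower())
    findings += [f"no Reader assignment at {s}" for s in sorted(expected - covered)]
    return findings


# Constructed sample data (not real tenant output); IDs are placeholders.
SUB_A = "/subscriptions/00000000-0000-0000-0000-000000000001"
SUB_B = "/subscriptions/00000000-0000-0000-0000-000000000002"
MG = "/providers/Microsoft.Management/managementGroups/mg-demo"
SAMPLE = [
    {"roleDefinitionName": "Reader", "scope": SUB_A},
    {"roleDefinitionName": "Contributor", "scope": SUB_A + "/resourceGroups/rg-demo"},
    {"roleDefinitionName": "Reader", "scope": SUB_B},
]

if __name__ == "__main__":
    for finding in audit_cspm_assignments(SAMPLE, [SUB_A, MG]):
        print(finding)
```

To check a real identity, load the CLI's JSON output with json.load and pass the scopes you intended to monitor as expected_scopes.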

If you need further assistance, contact our support team at support@cytechint.com.