AI Runtime Security
Onboard Azure Cloud Account in SCM
Onboard your Azure cloud account in Strata Cloud Manager (SCM).
Prerequisites:
- To onboard more than one Azure subscription on the same tenant, use the Azure portal to assign the following roles to the relevant user, group, or service principal: Azure Kubernetes Service Cluster User, Storage Blob Data Reader, and Reader.

1. Log in to SCM.
2. Select Insights → AI Runtime Security.
   - If you are onboarding a cloud account for the first time, select Insights → AI Runtime Security and click Get Started.
   - If you have previously onboarded a cloud account, click the Cloud Account Manager (cloud) icon.
3. Select Add Cloud Account.
4. Select Cloud Service Provider as Azure and select Next.
5. Enter basic information:
   - A unique Name to identify your onboarded cloud account. (Limit the name to 32 characters.)
   - Azure Tenant ID.
   - Azure Subscription ID.

   Click Next.
6. In Application Definition, select Next. The namespace shows applications from Pods/Cluster workloads, while VPC/VNETs display applications from virtual machine workloads.
7. Input Storage Account Name. Enter only lowercase letters and numbers; the name must be between 3 and 24 characters.
8. Download Terraform.
9. Execute Terraform.
   - Save and unzip the downloaded Terraform zip file.
   - Navigate to the panw-discovery-<tsgid>-onboarding/azr folder and follow the `README.md` instructions to apply the Terraform in Azure to create the resources and add the role assignments.

   ```
   # Log in to the Azure tenant from the CLI; replace <Tenant_Id> with your tenant_id value
   az login -t <Tenant_Id>
   # Replace the value with your subscription_id that is being onboarded
   az account set -s <Subscription_id>
   # Deploy the Terraform
   terraform init
   terraform plan
   terraform apply
   ```
10. Log in to Azure Portal. Make sure you see the logs in Azure Storage Account → Data Storage → Containers → Insight flow logs and verify the date and hour.
11. Select Done. This validates the successful creation of a service account in Azure.

You can now view and manage the onboarded cloud accounts in SCM. The SCM dashboard under Insights → AI Runtime Security shows all the cloud assets discovered. Initial data should populate on SCM in about 15 minutes and the flow logs may have a delay of about 3 hrs to show up on the SCM UI.
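
A pre-flight check for the inputs this procedure asks for, added here as an example; it is not part of the Palo Alto Networks documentation or the downloaded Terraform package. It enforces the name limits stated above and reports which of the three prerequisite roles are missing from a principal's assignments. The function names, the sample storage account name and the sample role list are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the onboarding inputs. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # keep [a-z] limited to ASCII lowercase

# Roles named in the prerequisites above.
REQUIRED_ROLES='Azure Kubernetes Service Cluster User
Storage Blob Data Reader
Reader'

# Cloud account name in SCM: non-empty, at most 32 characters.
valid_account_name() {
    [ -n "$1" ] && [ "${#1}" -le 32 ]
}

# Storage account name: 3 to 24 characters, lowercase letters and numbers only.
valid_storage_name() {
    { [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]; } || return 1
    case $1 in
        *[!a-z0-9]*) return 1 ;;
    esac
    return 0
}

# Print every required role missing from the newline-separated list in $1.
# grep -Fx matches whole lines, so "Storage Blob Data Reader" does not count as "Reader".
missing_roles() {
    status=0
    while IFS= read -r role; do
        if ! printf '%s\n' "$1" | grep -Fxq -- "$role"; then
            printf '%s\n' "$role"
            status=1
        fi
    done <<EOF
$REQUIRED_ROLES
EOF
    return "$status"
}

# Constructed sample: role names one per line, the shape produced by
#   az role assignment list --assignee <principal> --all \
#       --query '[].roleDefinitionName' -o tsv
sample_roles='Storage Blob Data Reader
Azure Kubernetes Service Cluster User'

valid_storage_name 'panwflowlogs01' && echo 'storage account name: ok'   # constructed name
missing_roles "$sample_roles" || echo 'prerequisite roles listed above are missing'
```

Running the role check before `terraform apply` surfaces a missing Reader or Storage Blob Data Reader assignment as a named gap rather than as absent flow logs hours later.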