Ingest Cloud Assets from Microsoft Azure
Extend Cortex® XDR™ visibility into cloud assets from Microsoft Azure.
Ingesting Cloud Assets from Microsoft Azure requires a Cortex XDR Pro per TB license.
Cortex XDR provides a unified, normalized asset inventory for cloud assets in Microsoft Azure. This capability provides deeper visibility to all the assets and superior context for incident investigation.
To receive cloud assets from Microsoft Azure, you must configure the Collection Integrations settings in Cortex XDR using the Cloud Inventory data collector to configure the Microsoft Azure wizard. The Microsoft Azure wizard includes instructions to be completed both in Microsoft Azure and the Microsoft Azure wizard screens. After you set up data collection, Cortex XDR begins receiving new data from the source.
As soon as Cortex XDR begins receiving cloud assets, you can view the data in Assets > Cloud Inventory, where the All Assets and Specific Cloud Assets pages display the data in a table format.
To configure the Microsoft Azure cloud assets collection in Cortex XDR:
- Open the Microsoft Azure wizard in Cortex XDR.
  - Select Settings > Configurations > Data Collection > Collection Integrations.
  - In the Cloud Inventory configuration, click the here link to begin a new configuration.
- Define the Configure Account screen of the wizard. The connection parameters on the right side of the screen depend on certain configurations in Microsoft Azure, as explained below.
  - Select the Organization Level as either Subscription (default), Tenant, or Management Group. The Organization Level that you select changes the instructions and fields displayed on the screen.
  - Log in to your Microsoft Azure Portal.
  - Search for Subscriptions, select Subscriptions, copy the applicable Subscription ID in Azure, and paste it in the Subscription ID field in the Configure Account screen of the wizard in Cortex XDR. This step is only relevant if you've configured the Organization Level as Subscription in the Configure Account screen in Cortex XDR. You can skip this step if the Organization Level is set to Tenant or Management Group.
  - Search for Management groups, select Management groups, copy the applicable ID in Azure, and paste it in the Management Group ID field in the Configure Account screen of the wizard in Cortex XDR. This step is only relevant if you've configured the Organization Level as Management Group in the Configure Account screen in Cortex XDR. You can skip this step if the Organization Level is set to Subscription or Tenant.
  - Search for Tenant properties, select Tenant properties, copy the Tenant ID in Azure, and paste it in the Tenant ID field in the Configure Account screen of the wizard in Cortex XDR.
  - Specify a Cortex XDR Collection Name to be displayed underneath the Cloud Inventory configuration for this Azure collection.
- Define the Account Details screen of the wizard.
  - Download the Terraform script. The name of the downloaded file depends on the Organization Level that you configured in the Configure Account screen of the wizard.
    - Management Group—cortex-xdr-azure-group-ro.tf
  - Log in to the Azure Cloud Shell portal, and select Bash.
  - Click the upload/download icon to Upload the Terraform script to Cloud Shell, browse to the file, and click Open. A notification with the Upload destination is displayed on the bottom-right corner of the screen.
  - Use the following commands to upload the Terraform script, which you can copy from the Account Details screen in Cortex XDR using the copy icon.
    Before the action completes, you need to confirm whether you want to perform these actions, and after the process finishes running, an Apply complete indication is displayed.
    - terraform init—Initializes the Terraform script. You need to wait until the initialization is complete before running the next command as indicated in the image below.
    - terraform apply—When running this command you will be asked to enter the following values, which are dependent on the Organization Level that you configured.
  - Copy the client_id value displayed in the Cloud Shell window and paste it in the Application Client ID field in the Account Details screen in Cortex XDR.
  - Copy the secret value displayed in the Cloud Shell window and paste it in the Secret field in the Account Details screen in Cortex XDR.
  - Download the JSON file from Cloud Shell using the upload/download icon, so you have output field values for future reference.
- Review the Summary screen of the wizard. If something needs to be corrected, you can go Back to correct it.
- Click Create. Once cloud assets from Azure start to come in, a green check mark appears underneath the Cloud Inventory configuration with the Last collection time displayed. It can take a few minutes for the Last collection time to display as the processing completes. Whenever the Cloud Inventory data collector integrations are modified by using the Edit, Disable, or Delete options, it can take up to 10 minutes for these changes to be reflected in Cortex XDR.
- After Cortex XDR begins receiving Azure cloud assets, you can view the data in Assets > Cloud Inventory, where the All Assets and Specific Cloud Assets pages display the data in a table format. For more information, see Cloud Inventory Assets.
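
The terraform apply step above asks you to confirm the planned actions; the following added example (not part of the Cortex XDR documentation or of the downloaded script) shows one way to review a saved plan before confirming, by listing every planned change and flagging role grants that are not read-only. The resource types in the sample, the role allow-list, and the plan contents are assumptions constructed for illustration.

```python
import json

# Assumption: built-in roles this review accepts as read-only; adjust to policy.
READ_ONLY_ROLES = {"Reader", "Security Reader", "Monitoring Reader"}

# Constructed sample in `terraform show -json` plan format. Resource names,
# roles and scopes are illustrative, not taken from the Cortex XDR script.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "azuread_application.example", "type": "azuread_application",
     "change": {"actions": ["create"], "after": {"display_name": "example"}}},
    {"address": "azurerm_role_assignment.reader", "type": "azurerm_role_assignment",
     "change": {"actions": ["create"],
                "after": {"role_definition_name": "Reader", "scope": "/subscriptions/<id>"}}},
    {"address": "azurerm_role_assignment.extra", "type": "azurerm_role_assignment",
     "change": {"actions": ["create"],
                "after": {"role_definition_name": "Contributor", "scope": "/subscriptions/<id>"}}},
    {"address": "azurerm_role_definition.custom", "type": "azurerm_role_definition",
     "change": {"actions": ["create"], "after": {"permissions": [
         {"actions": ["Microsoft.Compute/*/read", "Microsoft.Storage/storageAccounts/write"]}]}}},
]})


def review_plan(plan_json):
    """Return (summary, findings) for every planned change in the plan JSON."""
    summary, findings = [], []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # nothing will change for this resource
        summary.append(f"{'+'.join(actions)} {rc['address']}")
        after = rc["change"].get("after") or {}
        if "delete" in actions:
            findings.append(f"{rc['address']}: removes an existing resource")
        elif rc["type"] == "azurerm_role_assignment":
            role = after.get("role_definition_name")  # None if assigned by ID
            if role not in READ_ONLY_ROLES:
                findings.append(f"{rc['address']}: role {role!r} at {after.get('scope')}")
        elif rc["type"] == "azurerm_role_definition":
            for perm in after.get("permissions") or []:
                for action in perm.get("actions") or []:
                    if not action.endswith("/read"):
                        findings.append(f"{rc['address']}: non-read action {action}")
    return summary, findings


if __name__ == "__main__":
    changes, issues = review_plan(SAMPLE_PLAN)
    print("\n".join(changes))
    print("\n".join(issues) or "no findings")
```

In Cloud Shell, the input can be produced with `terraform plan -out=tfplan` followed by `terraform show -json tfplan > plan.json`, and the file's contents passed to `review_plan`.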