Faddom can discover your Microsoft Azure environment without the need to install anything on your VMs. This guide will walk you through the process of setting this up for an Azure subscription.
Creating an App Registration
The first step in giving Faddom access to map an Azure environment is to create an App Registration. To do this, open the Azure portal and go to Azure Active Directory.
There select App Registrations on the left:
Then, select New registration:
Give the registration a name, and select whether you want to give access for a single tenant or multiple tenants. You can leave the Redirect URI empty:
After creating the App Registration, select it and from the overview tab, record the Application (client) ID and Directory (tenant) ID. You will need these later.
Finally, create a secret key for the App Registration. To do this, select Certificates and Secrets on the left and click on New client secret:
Make sure to record the Value of the key and not the Secret ID; you will need this later. The value is only shown right after you create the key and cannot be recovered later. If you lose it, create a new client secret instead.
Giving permissions to the App Registration
Once you have created an App Registration, it still does not have any permissions in your environment. The App Registration is essentially the user that Faddom will use to access the environment, so we now need to give it permissions.
To do this, open the Subscription that you would like Faddom to map and select IAM on the left. There, under Add, click Add role assignment:
Search for the Reader role, select it and click Next:
In the Members tab, click on Select members and search for the App Registration we created in the previous step:
Click on the App Registration, then click on Select, and then on Review + assign.
You can repeat this process for any additional Subscriptions you want Faddom to map.
Creating Flow Logs
The next step in the integration is to create Flow Logs, which allow Faddom to view the network traffic passing between your VMs. You can use NSG Flow Logs, but it is recommended to use VNET Flow Logs.
VNET Flow Logs
In the search box at the top of the portal, enter network watcher. Select Network Watcher from the search results.
Under Logs, select Flow logs.
In Network Watcher | Flow logs, select + Create or the blue Create flow log button.
On the Basics tab of Create a flow log, enter or select the following values:
Setting | Value
--- | ---
Project details |
Subscription | Select the Azure subscription of your virtual network that you want to log.
Flow log type | Select Virtual network, then select + Select target resource (available options are Virtual network, Subnet, and Network interface).
Flow Log Name | Enter a name for the flow log or leave the default name. The Azure portal uses {ResourceName}-{ResourceGroupName}-flowlog as the default name for the flow log.
Instance details |
Subscription | Select the Azure subscription of the storage account.
Storage accounts | Select the storage account that you want to save the flow logs to. If you want to create a new storage account, select Create a new storage account.
Retention (days) | Enter a retention time for the logs (this option is only available with Standard general-purpose v2 storage accounts). Enter 0 if you want to retain the flow log data in the storage account forever (until you manually delete it from the storage account). For information about pricing, see Azure Storage pricing.
Optional: To enable traffic analytics, select Next: Analytics button, or select the Analytics tab. Enter or select the following values:
Setting | Value
--- | ---
Enable traffic analytics | Select the checkbox to enable traffic analytics for your flow log.
Traffic analytics processing interval | Select the processing interval that you prefer; the available options are Every 1 hour and Every 10 mins. The best option for Faddom is Every 10 minutes.
Subscription | Select the Azure subscription of your Log Analytics workspace.
Log Analytics Workspace | Select your Log Analytics workspace. By default, the Azure portal creates a DefaultWorkspace-{SubscriptionID}-{Region} Log Analytics workspace in the defaultresourcegroup-{Region} resource group.
Select Review + create.
Review the settings, and then select Create.
NSG Flow Logs
You can also create a new storage account to store the flow logs. Faddom will require access to this account to read the logs. It is recommended to create a StorageV2 account so that you can set retention. Faddom does not require flow log retention, so you can set it to the minimum of 1 day to reduce storage costs.
Now, click on Review + create to create the flow log.
Faddom will require access to the storage account that is storing the flow logs. To do this, open up the Storage account in the Azure portal and go to Access keys on the left. Faddom requires the Connection string value to connect, record this for later.
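The connection string is what lets a reader such as Faddom fetch the flow log blobs written to that storage account. As an added example that is not Faddom's or Microsoft's code, the following Python parses one VNet flow log blob into per-VM traffic edges (who talks to whom, on which port, how many bytes); the record structure and the 13-field tuple layout are assumptions taken from Azure's published VNet flow log (flowLogVersion 4) schema, and the blob itself is a constructed sample.

```python
import json
from collections import defaultdict, namedtuple

PROTOCOLS = {"6": "TCP", "17": "UDP"}  # IANA protocol numbers as used in the tuples
# state: B = begin, C = continuing, E = end, D = denied; direction: I = inbound, O = outbound
Flow = namedtuple("Flow", "src_ip dst_ip dst_port protocol direction state bytes_total")

def parse_tuple(raw: str) -> Flow:
    """Split one flow tuple. The 13-field layout is an assumption taken from the VNet flow log schema:
    ts_ms,src,dst,sport,dport,proto,dir,state,encryption,pkts_s2d,bytes_s2d,pkts_d2s,bytes_d2s"""
    f = raw.split(",")
    if len(f) != 13:
        raise ValueError(f"unexpected flow tuple with {len(f)} fields: {raw!r}")
    return Flow(f[1], f[2], int(f[4]), PROTOCOLS.get(f[5], f[5]), f[6], f[7],
                int(f[10]) + int(f[12]))

def iter_flows(blob: str):
    """Walk records -> flowRecords.flows -> flowGroups -> flowTuples of one log blob."""
    for rec in json.loads(blob)["records"]:
        if rec.get("category") != "FlowLogFlowEvent":
            continue  # skip anything that is not a VNet flow log record
        for acl in rec["flowRecords"]["flows"]:
            for group in acl["flowGroups"]:
                for raw in group["flowTuples"]:
                    yield parse_tuple(raw)

def traffic_map(blob: str) -> dict:
    """Sum bytes per (src, dst, dst_port, protocol) edge; denied flows carried no
    traffic between VMs, so they are left out of the map."""
    edges = defaultdict(int)
    for fl in iter_flows(blob):
        if fl.state != "D":
            edges[(fl.src_ip, fl.dst_ip, fl.dst_port, fl.protocol)] += fl.bytes_total
    return dict(edges)

# Constructed sample blob (not a real log): two VMs talking SQL and DNS, plus one denied SSH probe.
SAMPLE_BLOB = json.dumps({"records": [{
    "time": "2024-01-01T00:00:00Z", "flowLogVersion": 4, "category": "FlowLogFlowEvent",
    "macAddress": "000D3A000001", "flowRecords": {"flows": [{
        "aclID": "00000000-0000-0000-0000-000000000000", "flowGroups": [
            {"rule": "DefaultRule_AllowVnetOutBound", "flowTuples": [
                "1704067200000,10.0.0.4,10.0.0.5,51234,1433,6,O,B,NX,0,0,0,0",
                "1704067260000,10.0.0.4,10.0.0.5,51234,1433,6,O,C,NX,12,1500,8,900",
                "1704067261000,10.0.0.5,10.0.0.4,40000,53,17,O,E,NX,1,64,1,128"]},
            {"rule": "DefaultRule_DenyAllInBound", "flowTuples": [
                "1704067262000,198.51.100.7,10.0.0.4,55555,22,6,I,D,NX,0,0,0,0"]}]}]}}]})

if __name__ == "__main__":
    for (src, dst, port, proto), nbytes in sorted(traffic_map(SAMPLE_BLOB).items()):
        print(f"{src} -> {dst}:{port}/{proto}  {nbytes} bytes")
```

The same walk over a day's worth of blobs is all that is needed to build the VM-to-VM traffic picture, which is why a 1-day retention on the storage account is enough once the logs have been read.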
Setting Up The Discovery In Faddom
Now that we have everything configured in Azure, we can set up the discovery in Faddom.
From the Overview screen, select Data Sources, then select Azure.
Under Azure Credentials, enter the details you recorded in step 1 (the Application ID, Directory ID and Secret Value):
Then click Discover to show the Azure Flow Logs settings:
Here, click on Enable FlowLogs, enter the Connection String you recorded in step 2, and click on Apply FlowLog settings:
Faddom should now be mapping your Azure Subscription. You should be able to see VM details under Discover -> Azure VMs, and the network traffic for these VMs should start to appear within a few minutes.