Faddom can discover your Microsoft Azure environment without installing anything on your VMs. This guide walks you through setting this up for an Azure subscription.
Creating an App Registration
The first step in giving Faddom access to map an Azure environment is to create an App Registration. To do this, open the Azure portal and go to Azure Active Directory.
There, select App Registrations on the left:
Then, select New registration:
Give the registration a name, and select whether you want to give access for a single tenant or multiple tenants. You can leave the Redirect URI empty:
After creating the App Registration, select it and from the overview tab, record the Application (client) ID and Directory (tenant) ID. You will need these later.
Finally, create a secret key for the App Registration. To do this, select Certificates and Secrets on the left and click on New client secret:
Make sure to record the Value of the secret, not the Secret ID; you will need it later. The value is shown only immediately after you create the secret and cannot be recovered afterwards. If you lose it, create a new client secret.
Giving permissions to the App Registration
Once you have created an App Registration, it still has no permissions in your environment. The App Registration is essentially the identity that Faddom uses to access the environment, so we now need to grant it permissions.
To do this, open the Subscription that you would like Faddom to map and select IAM on the left; there, under Add, click Add role assignment:
Search for the Reader role, select it and click Next:
In the Members tab, click on Select members and search for the App Registration we created in the previous step:
Click on the App Registration, then click on Select, and then on Review + assign.
You can repeat this process for any additional Subscriptions you want Faddom to map.
Creating Flow Logs
The next step in the integration is to create Flow Logs, which allow Faddom to see the network traffic passing between your VMs. Flow Logs version 2 is required so that Faddom can read the data.
To set this up, search for NSG flow log in the main search bar:
In the Create a flow log screen, select the subscription you would like to create a flow log for, and then click on Select NSG. There, select all of the NSGs you would like Faddom to monitor traffic for.
You can also create a new storage account to store the flow logs. Faddom will require access to this account to read the logs. It is recommended to create a StorageV2 account so that you can configure retention. Faddom does not require flow log retention, so you can set it to the minimum of 1 day to reduce storage costs.
Now, click on Review + create to create the flow log.
Faddom requires access to the storage account that holds the flow logs. To provide it, open the Storage account in the Azure portal and go to Access keys on the left. Faddom needs the Connection string value to connect; record it for later.
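To see what "version 2" means for the data Faddom reads from that storage account, here is a small parser for the version 2 NSG flow log layout. This is an added illustration, not Faddom's code or an Azure SDK call: it assumes the documented blob structure (records, properties.Version, flows, flowTuples) and the 13-field version 2 tuple (timestamp, source IP, destination IP, source port, destination port, protocol, direction, decision, flow state, and four packet/byte counters). The sample blobs are constructed, with made-up addresses and a placeholder subscription ID. It rejects version 1 blobs, whose 8-field tuples carry no flow state or byte counters, which is the data a traffic map needs.

```python
import json
from collections import defaultdict
from dataclasses import dataclass
from pprint import pprint

# Constructed version 2 blob (made-up values, placeholder subscription ID).
NSG_ID = ("/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/"
          "RG-EXAMPLE/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/NSG-EXAMPLE")
SAMPLE_V2_BLOB = json.dumps({"records": [{
    "time": "2024-01-01T12:00:00.0000000Z",
    "category": "NetworkSecurityGroupFlowEvent",
    "resourceId": NSG_ID,
    "properties": {"Version": 2, "flows": [
        {"rule": "UserRule_allow-web", "flows": [{"mac": "000D3AF87856", "flowTuples": [
            "1704110400,10.0.1.4,10.0.2.5,51000,443,T,O,A,B,,,,",
            "1704110430,10.0.1.4,10.0.2.5,51000,443,T,O,A,E,12,3400,10,9800"]}]},
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{"mac": "000D3AF87856", "flowTuples": [
            "1704110450,203.0.113.7,10.0.1.4,40000,22,T,I,D,B,,,,"]}]}]}}]})

# Constructed version 1 blob: same shape, but 8-field tuples with no state or counters.
SAMPLE_V1_BLOB = json.dumps({"records": [{
    "time": "2024-01-01T12:00:00.0000000Z", "resourceId": NSG_ID,
    "properties": {"Version": 1, "flows": [
        {"rule": "UserRule_allow-web", "flows": [{"mac": "000D3AF87856", "flowTuples": [
            "1704110400,10.0.1.4,10.0.2.5,51000,443,T,O,A"]}]}]}}]})


@dataclass(frozen=True)
class FlowTuple:
    timestamp: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str      # "T" = TCP, "U" = UDP
    direction: str     # "I" = inbound, "O" = outbound
    decision: str      # "A" = allowed, "D" = denied
    state: str         # "B" begin, "C" continuing, "E" end (version 2 only)
    packets_to_dst: int
    bytes_to_dst: int
    packets_to_src: int
    bytes_to_src: int


def parse_tuple(raw: str) -> FlowTuple:
    """Split one version 2 flow tuple; empty counters (on 'B' records) become 0."""
    fields = raw.split(",")
    if len(fields) != 13:
        raise ValueError(f"expected 13 version-2 fields, got {len(fields)}: {raw!r}")
    counters = [int(f) if f else 0 for f in fields[9:13]]
    return FlowTuple(int(fields[0]), fields[1], fields[2], int(fields[3]), int(fields[4]),
                     fields[5], fields[6], fields[7], fields[8], *counters)


def supported(blob: str) -> bool:
    """True only if every record in the blob declares flow log version 2."""
    return all(r["properties"].get("Version") == 2 for r in json.loads(blob)["records"])


def parse_flow_log(blob: str) -> list[tuple[str, str, FlowTuple]]:
    """Return (NSG resource id, rule name, tuple) for every flow in a version 2 blob."""
    if not supported(blob):
        raise ValueError("flow log version 2 is required; version 1 tuples lack state and counters")
    out = []
    for record in json.loads(blob)["records"]:
        for rule in record["properties"]["flows"]:
            for iface in rule["flows"]:
                for raw in iface["flowTuples"]:
                    out.append((record["resourceId"], rule["rule"], parse_tuple(raw)))
    return out


def summarize(flows: list[tuple[str, str, FlowTuple]]) -> dict:
    """Aggregate bytes per allowed conversation and list denied connection attempts."""
    allowed = defaultdict(int)
    denied = []
    for _, rule, t in flows:
        if t.decision == "A":
            allowed[(t.src_ip, t.dst_ip, t.dst_port, t.protocol)] += t.bytes_to_dst + t.bytes_to_src
        else:
            denied.append((rule, t.src_ip, t.dst_ip, t.dst_port))
    return {"allowed_bytes": dict(allowed), "denied": denied}


if __name__ == "__main__":
    pprint(summarize(parse_flow_log(SAMPLE_V2_BLOB)))
```

The byte counters only appear on the "E" (end) and "C" (continuing) records of a flow, which is why the allowed conversation above sums to 13200 bytes from its second tuple alone; a version 1 log would have given Faddom the 5-tuple and the decision, but no volumes.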
Setting Up The Discovery In Faddom
Now that we have everything configured in Azure, we can set up the discovery in Faddom.
From the Overview screen, select Data Sources, then select Azure:
Under Azure Credentials, enter the details you recorded in step 1: the Application ID, Directory ID and Secret Value:
Then click Discover to show the Azure Flow Logs settings:
Here, click on Enable FlowLogs, enter the Connection String you recorded in step 2, and click on Apply FlowLog settings:
Faddom should now be mapping your Azure Subscription. You should be able to see VM details under Discover -> Azure VMs, and the network traffic for these VMs should start to appear within a few minutes.