Faddom Help Center

Mapping a Microsoft Azure Subscription Using Faddom

Faddom can discover your Microsoft Azure environment without the need to install anything on your VMs. This guide will walk you through the process of setting this up for an Azure subscription.


Creating an App Registration

The first step in giving Faddom access to map an Azure environment is to create an App Registration. To do this, open the Azure portal and go to Microsoft Entra ID (formerly Azure Active Directory).

There select App Registrations on the left:


Then, select New registration:


Give the registration a name and choose the supported account type. Single tenant is the right choice when Faddom maps subscriptions in your own directory; only choose a multi-tenant option if the registration must also sign in against other directories. You can leave the Redirect URI empty, since no interactive user sign-in is involved:


After creating the App Registration, select it and, from the Overview tab, record the Application (client) ID and the Directory (tenant) ID. You will need both later.


Finally, create a client secret for the App Registration. To do this, select Certificates & secrets on the left, click New client secret, give it a description and choose an expiry:


Make sure to record the Value of the secret and not the Secret ID; you will need the Value later. It is shown only immediately after the secret is created and cannot be retrieved afterwards, so if you lose it, create a new secret instead. Treat the value like a password: store it in a secrets manager rather than a ticket or chat, and note the expiry date so you can create a replacement and update Faddom before the old one lapses.



Giving permissions to the App Registration

Once you have created an App Registration, it still has no permissions in your environment. The App Registration (more precisely, its service principal) is the identity Faddom will use to access the environment, so we now need to grant it permissions.

To do this, open the Subscription that you would like Faddom to map and select Access control (IAM) on the left. There, under Add, click Add role assignment:


Search for the Reader role, select it and click Next. Reader is all Faddom needs to read resource metadata, so do not grant Contributor or any other role that allows changes:


In the Members tab, click on Select members and search for the App Registration we created in the previous step:


Click on the App Registration, then click on Select, and then on Review + assign.

Repeat this role assignment for each additional Subscription you want Faddom to map; the assignment is scoped to one subscription at a time.

Creating Flow Logs

The next step in the integration is to create flow logs so that Faddom can see the network traffic passing between your VMs. You can use either VNet flow logs or NSG flow logs. We recommend VNet flow logs: they are configured on a virtual network (or on a subnet or network interface) rather than on each NSG, so they need no additional work when you add a new NSG.

VNET Flow Logs

  1. In the search box at the top of the portal, enter Network Watcher and select Network Watcher from the results.

  2. Under Logs, select Flow logs.

  3. In Network Watcher | Flow logs, select Create or Create flow log.
    Screenshot of Network Watcher flow logs in the Azure portal.

  4. On the Basics tab of Create a flow log, enter or select the following values:

    Project details

    Subscription: Select the Azure subscription of the virtual network that you want to log.
    Flow log type: Select Virtual network, then select + Select target resource (the available targets are Virtual network, Subnet and Network interface). Select the resources you want to log, then select Confirm selection.
    Flow Log Name: Enter a name for the flow log or keep the default. The portal uses {ResourceName}-{ResourceGroupName}-flowlog as the default name.

    Instance details

    Subscription: Select the Azure subscription of the storage account.
    Storage Accounts: Select the storage account the flow logs should be written to, or select Create a new storage account.
    Retention (days): Enter a retention time for the logs. Faddom does not need the logs once they have been parsed, so a retention of 1 is sufficient. Note that 0 means retain forever, which steadily increases storage costs.

    Screenshot that shows the Basics tab of creating a virtual network flow log in the Azure portal.

  5. To enable traffic analytics, select Next: Analytics or the Analytics tab, and enter or select the following values:

    Enable traffic analytics: Select the checkbox to enable traffic analytics for the flow log.
    Traffic analytics processing interval: For the most accurate results we recommend Every 10 mins; the default is every 1 hour. For more information, see the Azure Traffic analytics documentation.
    Subscription: Select the Azure subscription of your Log Analytics workspace.
    Log Analytics Workspace: Select your Log Analytics workspace. By default, the portal creates a DefaultWorkspace-{SubscriptionID}-{Region} workspace in the defaultresourcegroup-{Region} resource group.

    Screenshot that shows how to enable traffic analytics for a new flow log in the Azure portal.

  6. Select Review + create.

  7. Review the settings, and then select Create.

NSG Flow Logs

Faddom can only read flow logs written in version 2 of the format, so make sure the flow log is created with version 2.

To set this up, search for NSG flow log in the main search bar:



In the Create a flow log screen, select the subscription you want to create the flow log in, then click Select NSG and select all of the NSGs whose traffic Faddom should monitor. Remember that any NSG you add later will need its own flow log; this is the extra work that VNet flow logs avoid.


Storage Account

Select an existing storage account or create a new one to store the flow logs. Faddom will need access to this account to read the logs, so it is best to dedicate the account to flow logs rather than sharing it with other data. Use a StorageV2 (general purpose v2) account so that you can set a retention policy. Faddom does not need the logs once they have been parsed, so a retention of 1 day is enough and keeps storage costs down. See the Azure documentation for more information.


Now, click on Review + create to create the flow log.

Faddom needs access to the storage account that holds the flow logs. To provide it, open the storage account in the Azure portal and go to Access keys on the left. Faddom connects with the Connection string value (for key1 or key2), so record it for later. Be aware that this connection string embeds a storage account key, which grants full read and write access to everything in the account: keep the account dedicated to flow logs, and if you later rotate that key you will need to update the connection string in Faddom.

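The portal steps above, from the App Registration through the role assignment, storage account, VNet flow log and connection string, as a single Azure CLI script. This is an added example, not Faddom's own tooling. It assumes a current Azure CLI (the --vnet flow-log flags are recent), that you are signed in with rights to create app registrations and role assignments, that Network Watcher lives in the default NetworkWatcherRG resource group, and placeholder names (faddom-discovery, the storage account name, the VNet and workspace resource IDs) that you replace with your own. Nothing is created unless a subscription ID is passed on the command line.

```shell
#!/usr/bin/env bash
# Added example, not Faddom's own tooling: Azure CLI equivalent of the portal
# steps above. Assumes a current Azure CLI (VNet flow-log flags), an account
# that can create app registrations and role assignments, and that Network
# Watcher lives in the default NetworkWatcherRG. Names below are placeholders.
set -eu

is_guid() {
  # Application (client) ID, Directory (tenant) ID and subscription IDs are GUIDs.
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

subscription_scope() {
  # Scope the Reader assignment to one subscription, never to the tenant root
  # or a management group: the mapper needs read-only access and nothing wider.
  is_guid "$1" || { echo "not a subscription ID: $1" >&2; return 1; }
  printf '/subscriptions/%s' "$1"
}

provision_faddom_access() {
  # $1 subscription ID, $2 optional display name for the app registration.
  sub_id="$1"; app_name="${2:-faddom-discovery}"
  scope="$(subscription_scope "$sub_id")"

  # 1. Single-tenant app registration (the portal's "single tenant" option).
  app_id="$(az ad app create --display-name "$app_name" \
              --sign-in-audience AzureADMyOrg --query appId -o tsv)"
  # The service principal is the identity that actually receives the role.
  sp_object_id="$(az ad sp create --id "$app_id" --query id -o tsv)"
  tenant_id="$(az account show --query tenantId -o tsv)"

  # 2. Client secret: the value is returned exactly once, so store it in a
  #    secrets manager. A one-year expiry forces rotation instead of a secret
  #    that never expires.
  secret_value="$(az ad app credential reset --id "$app_id" --years 1 \
                   --append --query password -o tsv)"

  # 3. Reader on this subscription only. Object ID plus principal type avoids
  #    the ambiguous name lookup that can resolve to the wrong principal.
  az role assignment create --assignee-object-id "$sp_object_id" \
    --assignee-principal-type ServicePrincipal --role Reader \
    --scope "$scope" >/dev/null

  # The three values the Faddom Azure data source asks for.
  printf 'FADDOM_APPLICATION_ID=%s\nFADDOM_DIRECTORY_ID=%s\nFADDOM_SECRET_VALUE=%s\n' \
    "$app_id" "$tenant_id" "$secret_value"
}

create_vnet_flow_log() {
  # $1 resource group, $2 location, $3 storage account name,
  # $4 VNet resource ID, $5 Log Analytics workspace resource ID.
  rg="$1"; location="$2"; sa_name="$3"; vnet_id="$4"; workspace_id="$5"

  # Storage account dedicated to flow logs. Faddom reads it with an account
  # key (so shared-key access must stay enabled); keep nothing else in it and
  # lock down what can be locked down.
  sa_id="$(az storage account create -n "$sa_name" -g "$rg" -l "$location" \
             --kind StorageV2 --sku Standard_LRS --min-tls-version TLS1_2 \
             --allow-blob-public-access false --query id -o tsv)"

  # VNet flow log, JSON version 2, 1-day retention (0 would keep logs forever),
  # traffic analytics every 10 minutes as recommended above.
  az network watcher flow-log create -l "$location" -g NetworkWatcherRG \
    -n "${sa_name}-flowlog" --vnet "$vnet_id" --storage-account "$sa_id" \
    --enabled true --format JSON --log-version 2 --retention 1 \
    --traffic-analytics true --workspace "$workspace_id" --interval 10 >/dev/null

  # The connection string Faddom needs. It embeds a storage account key.
  az storage account show-connection-string -n "$sa_name" -g "$rg" \
    --query connectionString -o tsv
}

# Nothing touches Azure unless a subscription ID is given, e.g.
#   ./faddom-azure.sh 00000000-0000-0000-0000-000000000000
if [ -n "${1:-}" ]; then
  provision_faddom_access "$1"
fi
```

Run `provision_faddom_access` once per subscription Faddom should map, and `create_vnet_flow_log` once per virtual network; the second function prints the connection string that goes into the Faddom flow log settings. Keep the printed secret value and connection string out of shell history and CI logs.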


Setting Up The Discovery In Faddom

Now that we have everything configured in Azure, we can set up the discovery in Faddom.

From the Overview screen, select Data Sources, then select Azure.


Under Azure Credentials, enter the details you recorded when creating the App Registration: the Application (client) ID, the Directory (tenant) ID and the secret Value:


Then click Discover to show the Azure Flow Logs settings.

Here, click Enable FlowLogs, enter the Connection string you recorded from the storage account, and click Apply FlowLog settings:

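Before pasting the values into Faddom, a quick offline check for the two mistakes this article warns about: the Secret ID copied instead of the secret Value, and a storage connection string that does not carry an account key. This is an added example and not part of Faddom; every sample value in it is constructed and not a real credential.

```shell
#!/usr/bin/env bash
# Added example, not part of Faddom: offline sanity check for the values you
# are about to paste into the Azure data source. It catches the two mistakes
# this article warns about: the Secret ID copied instead of the secret Value,
# and a connection string that lacks an account key.
set -eu

looks_like_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

check_app_credentials() {
  # $1 Application (client) ID, $2 Directory (tenant) ID, $3 client secret Value
  looks_like_guid "$1" || { echo "Application ID is not a GUID" >&2; return 1; }
  looks_like_guid "$2" || { echo "Directory ID is not a GUID" >&2; return 1; }
  # The secret Value is a long random string; the secret *ID* is a GUID. A GUID
  # in this slot means the wrong column was copied from the portal, and the
  # Value cannot be recovered: create a new secret instead.
  if looks_like_guid "$3"; then
    echo "Secret looks like a Secret ID, not the secret Value" >&2
    return 1
  fi
  [ -n "$3" ] || { echo "Secret value is empty" >&2; return 1; }
  echo ok
}

conn_field() {
  # Pull one field out of a 'Key=Value;Key=Value' storage connection string.
  # $1 connection string, $2 field name. Only the first '=' is consumed, so a
  # base64 key ending in '==' survives intact.
  printf '%s' "$1" | tr ';' '\n' | sed -n "s/^$2=//p"
}

check_connection_string() {
  # Faddom reads the flow logs with a storage account key, so the string must
  # carry AccountName and AccountKey; a SAS or endpoint-only string will not do.
  name="$(conn_field "$1" AccountName)"
  key="$(conn_field "$1" AccountKey)"
  proto="$(conn_field "$1" DefaultEndpointsProtocol)"
  [ -n "$name" ] || { echo "AccountName missing" >&2; return 1; }
  [ -n "$key" ]  || { echo "AccountKey missing (is this a SAS string?)" >&2; return 1; }
  [ "$proto" = "https" ] || { echo "DefaultEndpointsProtocol must be https" >&2; return 1; }
  # Storage account keys are 88 characters of base64; anything else is a
  # truncated or mangled paste.
  [ "${#key}" -eq 88 ] || { echo "AccountKey length ${#key}, expected 88" >&2; return 1; }
  echo "$name"
}

# Constructed sample values (not real credentials) for exercising the checks.
EXAMPLE_APP_ID='11111111-2222-3333-4444-555555555555'
EXAMPLE_TENANT_ID='aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
EXAMPLE_SECRET_ID='66666666-7777-8888-9999-000000000000'      # the wrong value to paste
EXAMPLE_SECRET_VALUE='Xy8Q~exampleSecretValueNotRealAtAll012345'
EXAMPLE_KEY="$(printf '%086d' 0 | tr 0 A)=="                  # 88-char fake key
EXAMPLE_CONN="DefaultEndpointsProtocol=https;AccountName=faddomflowlogs;AccountKey=${EXAMPLE_KEY};EndpointSuffix=core.windows.net"
```

Source the file and call `check_app_credentials` and `check_connection_string` with your real values; a non-zero exit and a message on stderr tells you which value to go back and re-copy from the portal before Faddom's discovery fails with a less specific authentication error.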

Faddom should now be mapping your Azure Subscription. VM details appear under Discover -> Azure VMs, and the network traffic for these VMs should start to appear within a few minutes of the first flow log files being written.
