Set Up Censys ASM Cloud Connector for Microsoft Azure
Summary
Use this connector to seed the Censys ASM platform with accurate, up-to-date information about Internet-addressable assets in your Azure account for monitoring and enhanced discovery.
Introduction
For each Azure Subscription you enable, the cloud connector will connect to the following services to extract and send relevant data to the Censys ASM platform:
- All Public Virtual Machine Instances
- All Serverless Instances
- DNS and Domain Information
What You'll Need:
- Your Azure tenant ID and Subscription IDs
- Application (client) ID and Application (client) secret
- Your Censys ASM API key
- A server with Docker and Docker Compose installed
- The cloud-connectors.tar.gz code file (please email Censys support for access)
Install the Censys Cloud Connector
Extract the cloud-connectors.tar.gz file to your preferred directory. For access, please contact support@censys.io.
Create Config File
Copy azure_config.yml.example and rename it as azure_config.yml with this command:
cp -p azure/azure_config.yml.example azure/azure_config.yml
Open the cloud-connectors/azure/azure_config.yml file with an editor and replace the example values with values corresponding to your Azure tenant. Add a block for each additional Subscription in your tenant.
Example YAML for Config File
- AZURE_TENANT_ID: xxx-xxx-xxx-xxx
  AZURE_CLIENT_ID: xxx-xxx-xxx-xxx
  AZURE_CLIENT_SECRET: xxx-xxx-xxx-xxx
  AZURE_SUBSCRIPTION_ID: xxx-xxx-xxx-xxx
Create Environment File
Copy env.example and rename it as env with this command:
cp -p docker/env.example docker/env
Open the cloud-connectors/docker/env file with an editor and replace the example values with your preferences.
Example YAML for Config File
Default values are shown.
CONNECTOR_TYPE=azure
CENSYS_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
SEARCH_IPS=true
SEARCH_CONTAINERS=true
SEARCH_DATABASES=true
SEARCH_DNS=true
LOGGING_LEVEL=info
SCAN_FREQUENCY=3600
Required Configurations
These configurations must be set.
CONNECTOR_TYPE
- The cloud connector type. Use azure.
CENSYS_API_KEY
- Your Censys API key, found on the Censys Integrations page.
Optional Configurations
SEARCH_IPS
- Search for public IP addresses in cloud services. Defaults to true.
SEARCH_CONTAINERS
- Search for public IP addresses in cloud container services. Defaults to true.
SEARCH_DATABASES
- Search for public IP addresses in cloud database services. Defaults to true.
SEARCH_DNS
- Search for public domain names in cloud DNS services. Defaults to true.
LOGGING_LEVEL
- Logging level with valid parameters [debug|warning|info|error]. Defaults to info.
SCAN_FREQUENCY
- The period of time to wait between collections, in seconds. To run the connector once and then exit, set this parameter to -1. This value cannot be a positive number less than 3600 (1 hour). Defaults to 3600 (run hourly).
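A pre-flight check for the settings above, added here as an example and not part of the Censys package: it lints docker/env against the rules stated in this guide without sourcing the file, and checks that files holding the API key or client secret are not readable by group or other. The function names, the owner-only permission rule and the rejection of a SCAN_FREQUENCY of 0 are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight lint for cloud-connectors/docker/env (not Censys code).
# The file is parsed as text and never sourced, so nothing in it is executed.
problems=0
fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# get_val FILE KEY: print the last value assigned to KEY, exactly as written
get_val() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# check_env FILE: return 0 only if the settings satisfy the rules in this guide
check_env() {
  problems=0
  # An exact match also catches stray whitespace such as "CONNECTOR_TYPE= azure"
  [ "$(get_val "$1" CONNECTOR_TYPE)" = "azure" ] || fail "CONNECTOR_TYPE must be exactly azure"
  case "$(get_val "$1" CENSYS_API_KEY)" in
    "" | *xxxx*) fail "CENSYS_API_KEY is empty or still the example placeholder" ;;
  esac
  v=$(get_val "$1" LOGGING_LEVEL)
  case "${v:-info}" in
    debug | warning | info | error) ;;
    *) fail "LOGGING_LEVEL '$v' is not one of debug|warning|info|error" ;;
  esac
  v=$(get_val "$1" SCAN_FREQUENCY)
  v=${v:-3600}
  case "$v" in
    -1) ;; # run once, then exit
    *[!0-9]*) fail "SCAN_FREQUENCY '$v' is not -1 or a whole number of seconds" ;;
    # The guide does not cover 0; this example treats it as below the minimum.
    *) [ "$v" -ge 3600 ] || fail "SCAN_FREQUENCY $v is below the 3600 second minimum" ;;
  esac
  [ "$problems" -eq 0 ]
}

# secret_is_private FILE: return 0 if FILE exists and neither group nor other can read it.
# Assumption: owner-only access is a hardening choice, not a documented requirement.
secret_is_private() {
  [ -f "$1" ] && [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

# preflight ENV_FILE [SECRET_FILE...]: lint the env file, then check every file's mode
preflight() {
  rc=0
  check_env "$1" || rc=1
  for f in "$@"; do
    secret_is_private "$f" || { echo "FAIL: $f is missing or readable by group or other"; rc=1; }
  done
  return "$rc"
}

# Usage: sh preflight.sh docker/env azure/azure_config.yml
[ "$#" -eq 0 ] || preflight "$@"
```

Run it from the cloud-connectors root directory before ./run.sh; a non-zero exit status means at least one check failed.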
Build and Run the Container
To run the Censys cloud connector, navigate to the cloud-connectors root directory and execute the following command:
./run.sh
The connector will begin collecting your cloud assets and uploading them to the Censys ASM platform as seeds.
Additional Help
In this section, we walk you through where you can find the required configuration information in your Azure tenant.
Set Up Azure Access
- Visit the App registrations page of the Azure tenant.
- Add a New registration with a descriptive name, for the Single tenant.
- From the newly created App registration, copy your Directory (tenant) ID and Application (client) ID.
- Next, click the Certificates & secrets tab. Near the bottom of the page, create a new client secret (or use an existing one). Copy the Secret Value.
- Visit the Subscriptions page of the Azure tenant. Copy the Subscription ID(s) on this page.
- For each Subscription that the Cloud Connector will scan, add a Reader Role assignment for the newly created App.
- Enter the copied values into the cloud-connectors/docker/azure_config.yml file. Each Subscription requires its own Azure Subscription block in the file.