Set Up Censys ASM Cloud Connector for Microsoft Azure
Summary
Use this connector to seed the Censys ASM platform with accurate, up-to-date information about Internet-addressable assets in your Azure account for monitoring and enhanced discovery.
Introduction
For each Azure tenant you enable, the cloud connector connects to Azure services, extracts data about the following assets, and sends it to the Censys ASM platform:
- All Public Virtual Machine Instances
- All Serverless Instances
- DNS and Domain Information
What You'll Need:
- The Azure tenant ID
- Client ID, Client secret, and subscription ID for each Azure tenant
- Your Censys ASM API key
- A server with Docker and Docker Compose installed
- The cloud-connectors.tar.gz code file (please email Censys support for access)
Install the Censys Cloud Connector
cloud-connectors.tar.gz file to your preferred directory. For access, please contact support@censys.io.
Create Config File
Copy azure_config.yml.example and rename as azure_config.yml with this command:
cp -p azure_config.yml.example azure_config.yml
Open azure_config.yml with an editor and replace the example values with values corresponding to your Azure tenant. Add a block for each additional tenant.
Example YAML for Config File
- AZURE_TENANT_ID: xxx-xxx-xxx-xxx
  AZURE_CLIENT_ID: xxx-xxx-xxx-xxx
  AZURE_CLIENT_SECRET: xxx-xxx-xxx-xxx
  AZURE_SUBSCRIPTION_ID: xxx-xxx-xxx-xxx
Create Environment File
Copy env.example and rename as env with this command:
cp -p env.example env
Open the cloud-connectors/docker/env file with an editor and replace the example values with your preferences.
Example Environment File
Default values are shown.
CONNECTOR_TYPE=azure
CENSYS_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
SEARCH_IPS=true
SEARCH_CONTAINERS=true
SEARCH_DATABASES=true
SEARCH_DNS=true
LOGGING_LEVEL=warning
SCAN_FREQUENCY=-1
Required Configurations
These configurations must be set.
CONNECTOR_TYPE
- The cloud connector type. Use azure.
CENSYS_API_KEY
- Your Censys API key, found on the Censys Admin page.
Optional Configurations
SEARCH_IPS
- Search for public IP addresses in cloud services. Defaults to true.
SEARCH_CONTAINERS
- Search for public IP addresses in cloud container services. Defaults to true.
SEARCH_DATABASES
- Search for public IP addresses in cloud database services. Defaults to true.
SEARCH_DNS
- Search for public domain names in cloud DNS services. Defaults to true.
LOGGING_LEVEL
- Logging level with valid parameters [debug|info]. Defaults to warning when unset.
SCAN_FREQUENCY
- The period of time to wait between collections, in minutes. To run the connector once and then exit, set this parameter to -1. This value cannot be a positive number less than 360 (6 hours). Defaults to -1 (run once and exit).
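A pre-flight check for the env file, added here as an example and not part of the Censys connector: it applies the required and optional rules listed above and flags example values that were never replaced. The function names and the sample file are constructed for illustration, and treating false as the only alternative to true is an assumption.

```python
import re

REQUIRED = ("CONNECTOR_TYPE", "CENSYS_API_KEY")
BOOLEANS = ("SEARCH_IPS", "SEARCH_CONTAINERS", "SEARCH_DATABASES", "SEARCH_DNS")
PLACEHOLDER = re.compile(r"x+(-x+)*", re.IGNORECASE)  # xxx-xxx style example values

# Constructed sample: an env file with three mistakes in it.
SAMPLE = """\
CONNECTOR_TYPE=azure
CENSYS_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
SEARCH_DNS=yes
LOGGING_LEVEL=info
SCAN_FREQUENCY=60
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and not line.lstrip().startswith("#"):
            settings[key.strip()] = value
    return settings

def check_env(text):
    """Return a list of problems; an empty list means the file passes."""
    raw, problems = parse_env(text), []
    env = {k: v.strip() for k, v in raw.items()}
    for key in raw:
        if raw[key] != env[key]:  # loaders differ on whitespace, so flag it
            problems.append(f"{key}: whitespace around value")
    for key in REQUIRED:
        if not env.get(key):
            problems.append(f"{key}: required but missing or empty")
    if env.get("CONNECTOR_TYPE") and env["CONNECTOR_TYPE"] != "azure":
        problems.append("CONNECTOR_TYPE: use azure for this connector")
    if PLACEHOLDER.fullmatch(env.get("CENSYS_API_KEY", "")):
        problems.append("CENSYS_API_KEY: still the example placeholder")
    for key in BOOLEANS:  # assumption: false is the only other accepted value
        if key in env and env[key].lower() not in ("true", "false"):
            problems.append(f"{key}: expected true or false")
    if env.get("LOGGING_LEVEL", "warning") not in ("debug", "info", "warning"):
        problems.append("LOGGING_LEVEL: expected debug, info or warning")
    freq = env.get("SCAN_FREQUENCY", "-1")
    if not re.fullmatch(r"-?\d+", freq) or 0 < int(freq) < 360:
        problems.append("SCAN_FREQUENCY: use -1 or at least 360 minutes")
    return problems

if __name__ == "__main__":
    print("\n".join(check_env(SAMPLE)) or "env file looks consistent")
```

To check a real file, pass its contents to check_env, for example the text of cloud-connectors/docker/env.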
Build and Run the Container
To run the Censys cloud connector, navigate to the cloud-connectors root directory and execute the following command:
docker-compose up --build -d
The connector will begin collecting your cloud assets and uploading them to the Censys ASM platform as seeds.
Additional Help
In this section, we walk you through where you can find the required configuration information in your Azure tenant.
Set Up Azure Account Access
- Visit the Active Directory page of your Azure tenant account. Copy your tenant ID.
- Create a new user (or use an existing one) with the Global administrator role on the account(s) you would like to scan.
- From the Active Directory page, navigate to the App registrations tab and click on the project you would like to scan. Record the Application (client) ID in the Overview tab.
- Next, click the Certificates & secrets tab. Near the bottom of the page, create a new client secret (or use an existing one). Copy the client ID and secret.
- Return to the Azure portal home page. In the search bar, type "subscriptions" and click on the subscriptions result with the key image. Copy the subscription ID(s) on this page.