Summary

Use this connector to seed the Censys ASM platform with accurate, up-to-date information about Internet-addressable assets in your Azure account for monitoring and enhanced discovery.

In this guide:

• Introduction

• Install the Censys Azure Cloud Connector

  • Create Config File

  • Create Environment File

  • Build and Run the Container

• Set Up Azure Account Access

Introduction

For each Azure Subscription you enable, the cloud connector will connect to the following services to extract and send relevant data to the Censys ASM platform:

• All Public Virtual Machine Instances
• All Serverless Instances
• DNS and Domain Information

What You'll Need:

• Your Azure tenant ID and Subscription IDs
• Application (client) ID and Application (client) secret
• Your Censys ASM API key
• A server with Docker and Docker Compose installed
• The cloud-connectors.tar.gz code file (please email Censys support for access)

Install the Censys Cloud Connector

Create Config File

cp -p azure/azure_config.yml.example azure/azure_config.yml

- AZURE_TENANT_ID: xxx-xxx-xxx-xxx
  AZURE_CLIENT_ID: xxx-xxx-xxx-xxx
  AZURE_CLIENT_SECRET: xxx-xxx-xxx-xxx
  AZURE_SUBSCRIPTION_ID: xxx-xxx-xxx-xxx

Create Environment File

cp -p docker/env.example docker/env

Open the cloud-connectors/docker/env file with an editor and replace the example values with your preferences.

Example YAML for Config File

Default values are shown.

CONNECTOR_TYPE= azure
CENSYS_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

SEARCH_IPS=true
SEARCH_CONTAINERS=true
SEARCH_DATABASES=true
SEARCH_DNS=true

LOGGING_LEVEL=info

SCAN_FREQUENCY=3600

Required Configurations

These configurations must be set.

• CONNECTOR_TYPE - The cloud connector type. Use azure
• CENSYS_API_KEY - Your Censys API key, found on the Censys Integrations page.

Optional Configurations

• SEARCH_IPS - Search for public IP addresses in cloud services. Defaults to true.
• SEARCH_CONTAINERS - Search for public IP addresses in cloud container services. Defaults to true.
• SEARCH_DATABASES - Search for public IP addresses in cloud database services. Defaults to true.
• SEARCH_DNS - Search for public domain names in cloud DNS services. Defaults to true.
• LOGGING_LEVEL - Logging level with valid parameters [debug | warning | info | error]. Defaults to info.
• SCAN_FREQUENCY - The period of time to wait between collection in seconds. To run the connector once and then exit, set this parameter to -1. This value can not be a positive number of less than 3600 (1 hour). Defaults to 3600 (run hourly).

Build and Run the Container

To run the Censys cloud connector, navigate to the cloud-conectors root directory and execute the following command:

./run.sh

The connector will begin collecting your cloud assets and uploading them to the Censys ASM platform as seeds.

Additional Help

In this section, we walk you through where you can find the required configuration information in your Azure tenant.

Set Up Azure Access

1. Visit the App registrations page of the Azure tenant.
2. Add a New registration with a descriptive name, for the Single tenant.
3. From the newly created App registration, copy your Directory (tenant) ID and Application (client) ID.
4. Next, click the Certificates & secrets tab. Near the bottom of the page, create a new client secret (or use an existing one). Copy the Secret Value.
5. Visit the Subscriptions page of the Azure tenant.  Copy the Subscription ID(s) on this page.
6. For each Subscription that the Cloud Connector will scan, add a Reader Role assignment for the newly created App.
7. Enter the copied values into the cloud-connectors/docker/azure_config.ymlfile.  Each Subscription requires its own Azure Subscription block in the file.