Azure Integration - Guided Configuration
This topic describes how to use guided configuration to integrate Azure with Lacework. Guided configuration is a wizard-like interface that takes your input and generates a script that downloads and sets up all necessary Lacework CLI and Terraform components to create the Azure integration non-interactively through Azure Cloud Shell. You can also choose to run the generated bundle from any host supported by Terraform.
Requirements
- Ensure that you are deploying the integration to a supported Azure region.
- The final step of guided configuration is to run the generated bundle from either Azure Cloud Shell or any Terraform-supported host. Ensure your environment meets the corresponding requirements.
From Azure Cloud Shell
- Azure Global Administrator - An Azure portal account that has a Global Administrator role for your tenant's directory.
- Azure Owner Role - An Azure portal account with the Owner role in all subscriptions that you want to monitor.
- Lacework Administrator - A Lacework account with administrator privileges.
From Any Supported Host
- Azure Global Administrator - An Azure portal account that has a Global Administrator role for your tenant's directory.
- Azure Owner Role - An Azure portal account with the Owner role in all subscriptions that you want to monitor.
- Azure CLI - The Terraform provider for Azure leverages configuration from the Azure CLI to configure resources in Azure.
- Linux Tools - The following Linux tools must be installed and present on PATH: curl, Git, and unzip.
- Lacework Administrator - A Lacework account with administrator privileges.
Navigate to Guided Configuration
Follow these steps to integrate using guided configuration.
- Log in to the Lacework Console.
- Go to Settings > Integrations > Cloud accounts.
- Click + Add New.
- Click Microsoft Azure and select Guided configuration.
- Click Next.
- Follow the steps in the next section.
Create an Azure Integration
Answer the questions about how to configure the integration.
Basic Configuration
- Do you want to enable Azure Configuration integration?
A Configuration integration analyzes your Azure environment's configuration compliance.
- Do you want to enable Azure Activity Log integration?
An Activity Log integration analyzes the activity recorded in your Azure Activity Log.
- Select an API key.
- Select an existing API key from the list.
- If no API keys exist, click Create New Key, provide a name and description, and click Save. Then select the key to use in the integration.
Advanced Configuration
For optional advanced configuration, click Advanced configuration (optional) and click Configure for the options you want to configure. The following options are available.
Configuration integration name
- Specify the Configuration integration name - A unique name for the integration that displays in the Lacework Console.
Activity Log integration name
- Specify the Activity Log integration name - A unique name for the integration that displays in the Lacework Console.
Subscriptions
- Enable all subscriptions? - Enable to grant read access to all subscriptions within the selected tenant.
Important: Read access is granted to all the subscriptions that exist in your Azure tenant when the integration is created. If you create a new subscription later, do the following to include that subscription:
- Navigate to the /lacework/azure folder in the directory where you ran the CLI bundle command. This folder contains the Terraform files for the guided configuration. For more information, see Generate CLI Bundle.
- Run terraform plan and review the changes that will be applied.
- Once satisfied with the changes that will be applied, run terraform apply to execute Terraform and include the new subscription.
- Specify list of subscriptions - List of subscriptions to grant read access to. Default behavior uses only the primary subscription.
- Enter the Subscription ID for each subscription (rather than the name).
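The subscription-update procedure above (terraform plan, review, then terraform apply) together with the tool and Azure CLI prerequisites listed under Requirements, as an added shell example that is not part of the Lacework documentation or of the generated bundle. It assumes the bundle was run from the current directory, so the Terraform files are in ./lacework/azure (the TF_DIR variable that overrides this is the example's own), and that terraform and az are on PATH; the subscription-ID format check, the tool check and the save-then-apply helper are all assumptions of this example, not part of the wizard.

```shell
#!/bin/sh
# Added example (not Lacework's own code): helpers around the guided-configuration
# Terraform files. Assumes the bundle was run from the current directory, so the
# files live in ./lacework/azure as the page describes; TF_DIR (assumed) overrides that.
set -eu

TF_DIR="${TF_DIR:-./lacework/azure}"

# Return 0 if $1 looks like an Azure subscription ID (a GUID), 1 otherwise.
# The wizard expects the subscription ID, not the subscription's display name.
is_subscription_id() {
    printf '%s\n' "$1" | grep -Eiq '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
}

# Print the names of the given tools that are not on PATH; return 1 if any are missing.
# Use it for the page's Linux prerequisites: missing_tools curl git unzip
missing_tools() {
    _missing=""
    for _t in "$@"; do
        command -v "$_t" >/dev/null 2>&1 || _missing="$_missing $_t"
    done
    [ -z "$_missing" ] && return 0
    printf '%s\n' "${_missing# }"
    return 1
}

# Plan, let the operator review, then apply exactly the reviewed plan.
# Applying the saved plan file (instead of letting apply re-plan) guarantees that
# what is applied is what was reviewed, even if Azure changed in between.
include_new_subscription() {
    missing_tools terraform az >/dev/null || { echo "missing required tools" >&2; return 1; }
    # The Azure provider reads credentials from the Azure CLI; fail early if not logged in.
    az account show >/dev/null 2>&1 || { echo "run 'az login' first" >&2; return 1; }
    (
        cd "$TF_DIR"
        terraform plan -out=lacework.tfplan
        printf 'Apply the plan above? [y/N] '
        read -r _answer
        case "$_answer" in
            y|Y) terraform apply lacework.tfplan; rm -f lacework.tfplan ;;
            *)   echo "aborted; nothing applied" >&2; rm -f lacework.tfplan; exit 1 ;;
        esac
    )
}

# Usage: sh include_subscription.sh run
if [ "${1:-}" = "run" ]; then
    include_new_subscription
fi
```

Saving the plan with -out and applying that file means the change applied is exactly the one reviewed; a bare terraform apply would re-plan and could pick up changes made between review and apply. The plan file is removed afterwards because a saved plan can contain sensitive values copied from state.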
Active Directory
- Do you want to create an Active Directory integration? - Enable to create an Active Directory integration. An Azure AD application provides Lacework read-only access to Azure subscriptions and tenants.
- Specify AD application ID - Active Directory application ID to use.
- Specify AD application password - Active Directory application password to use.
- Specify AD principal service ID - Enterprise app object ID related to the application ID.
Storage account
- Storage account location - Azure region where the storage account for logging will reside (default is West US 2).
- Use an existing storage account? - Enable to use an existing storage account.
- Storage account name - Name of the storage account.
- Storage account resource group - Resource group for the existing storage account.
Management group
- Enable management group level integration? - If enabled, the AD application is granted the Reader role at the management group level instead of at the subscription level.
- Specify management group ID - Management group ID to add Reader permissions to.
Generate CLI Bundle
After providing basic configuration information and any desired advanced configuration information, generate the CLI bundle.
- Click Generate CLI bundle. This generates a CLI bundle specifically for you based on the information entered. You will copy and paste this into the Azure Cloud Shell to create the integration.
- Ensure your environment meets all prerequisites.
- Click Copy download bundle command to clipboard.
- As an account with global administrator access and owner privileges to the subscription being used, go to the Azure Cloud Shell.
- Paste the command and press Enter.
This downloads the Lacework CLI, sets up the CLI with your configuration, calls the CLI non-interactively, and applies Terraform. When the command finishes, the new integration appears in the Cloud accounts list after a screen refresh.
The Terraform files for the guided configuration are created in the /lacework/azure folder in the directory where you ran the CLI bundle command. Ensure that the Terraform files are backed up so that you can use them later to update the integrations.
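The backup recommendation above, as an added shell example that is not part of the Lacework documentation or of the generated bundle. It assumes the Terraform files are in ./lacework/azure (the folder the bundle creates in the directory it was run from) and uses an assumed BACKUP_DIR as the destination. The terraform.tfstate file in that folder records the attributes of every resource Terraform created, including the AD application password, in plain text, so the example writes the archive readable only by its owner and refuses to proceed if state or plan files are tracked by git.

```shell
#!/bin/sh
# Added example (not Lacework's own code): back up the guided-configuration Terraform
# files with restrictive permissions. TF_DIR and BACKUP_DIR are assumed variables.
set -eu

# Create a tar archive of the Terraform directory $1 at path $2, readable only by the
# owner. Prints the archive path and returns 0 on success, 1 if $1 does not exist.
backup_tf_dir() {
    _src="$1"; _dest="$2"
    [ -d "$_src" ] || { echo "no such directory: $_src" >&2; return 1; }
    # umask 077 makes tar create the archive with mode 600 from the start, so the
    # state inside it is never world-readable even briefly; chmod is belt and braces.
    ( umask 077 && tar -cf "$_dest" -C "$(dirname "$_src")" "$(basename "$_src")" )
    chmod 600 "$_dest"
    printf '%s\n' "$_dest"
}

# Return 0 if no state or plan file under $1 is tracked by git (state holds secrets and
# must not live in a shared repository); return 1 and list the offenders otherwise.
# Directories that are not git work trees, or hosts without git, pass.
state_not_in_git() {
    _dir="$1"
    command -v git >/dev/null 2>&1 || return 0
    git -C "$_dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 0
    _tracked="$(git -C "$_dir" ls-files -- '*.tfstate' '*.tfstate.backup' '*.tfplan')"
    [ -z "$_tracked" ] || { echo "sensitive files tracked in git: $_tracked" >&2; return 1; }
}

# Usage: sh backup_tf.sh run
if [ "${1:-}" = "run" ]; then
    TF_DIR="${TF_DIR:-./lacework/azure}"
    BACKUP_DIR="${BACKUP_DIR:-$HOME/lacework-tf-backups}"
    mkdir -p "$BACKUP_DIR" && chmod 700 "$BACKUP_DIR"
    state_not_in_git "$TF_DIR"
    backup_tf_dir "$TF_DIR" "$BACKUP_DIR/azure-$(date +%Y%m%d-%H%M%S).tar"
fi
```

Treat the resulting archive as a credential: it lets anyone who holds it re-run Terraform against the integration and read the AD application password.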