
Microsoft Azure CSPM — Manual Configuration

Updated Apr 4, 2024

Configure Microsoft Azure for Arctic Wolf CSPM manually

You can manually configure Azure® for Arctic Wolf® Cloud Security Posture Management (CSPM).

Requirements

Steps

  1. Register the application.
  2. Retrieve the subscription ID.
  3. Add role assignments.
  4. Provide your Azure credentials to Arctic Wolf.

Step 1: Register the application

  1. Sign in to Microsoft Azure.

  2. In the portal menu, click All services > Hybrid + multicloud > Microsoft Entra ID.

  3. Under Manage, click App registrations.

  4. Click + New registration.

  5. Configure these settings:

    • Name — Enter a name for the application.
    • Supported Account Types — Select the Accounts in this organizational directory only (<Organization-Name> only - Single Tenant) checkbox.
    • For all other fields, keep the default values.
  6. Click Register.

    The page for the newly registered application opens.

  7. Copy the Application (client) ID and Directory (tenant) ID values, and then save them in a safe, encrypted location. You will provide them to Arctic Wolf later.

  8. In the navigation menu, in the Manage section, click Certificates & secrets.

  9. In the Client secrets section, click + New client secret, and then configure these settings:

    • Description — Enter a description for the client secret.
    • Expires — Select an expiration date for the client secret.
  10. Click Add.

  11. On the Client secrets tab, verify that your new client secret appears.

    Screenshot of the Certificates and Secrets page on the Microsoft Azure Portal. The Value field and text is highlighted by an orange box.
  12. Copy the Value value, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

    Notes:

    • The Value value is only available immediately after creation. Do not exit the Certificates & Secrets page until the value is saved in a safe, encrypted location.
    • The Value value is the secret ID or client secret. You must provide this value to Arctic Wolf later. It is not necessary to copy the Secret ID field.
    • You must provide the updated client secret credentials to Arctic Wolf before the credentials expire.

Step 2: Retrieve the subscription ID

  1. In the navigation menu, click Subscriptions.
  2. Select the subscription that you want Arctic Wolf to scan.
  3. Copy the Subscription ID, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

Step 3: Add role assignments

  1. In the All Services menu, click Subscriptions.

  2. Select the subscriptions that you want to integrate with Arctic Wolf.

  3. Click Access control (IAM).

  4. Click the Role assignments tab.

  5. Click Add, and then click Add role assignment.

  6. For both the Security Reader and Log Analytics Reader roles, complete these steps:

    1. In the Role list, in the search bar, enter the role name.

    2. In the search results, select the role name.

    3. In the Select list, add the application that you created in Step 1: Register the application.

      Note: In the Assign access to list, keep the default value.

    4. Click Save.

  7. In the Role assignments tab, verify that both Security Reader and Log Analytics Reader are listed.
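
A read-only way to script the check in step 7 and the client secret expiry note from Step 1, as an added example that is not part of Arctic Wolf's documentation. It audits JSON saved from `az role assignment list --assignee <client-id> --all -o json` and `az ad app credential list --id <client-id> -o json`; the field names follow current Azure CLI output and are an assumption, and all sample data is constructed.

```python
import json
from datetime import datetime, timezone

REQUIRED_ROLES = {"Security Reader", "Log Analytics Reader"}  # the two roles from Step 3

def audit_roles(assignments, subscription_id):
    """Return (missing, extra): required roles absent at subscription scope,
    and any other role the application holds at any scope."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    at_sub = {a["roleDefinitionName"] for a in assignments
              if a["scope"].lower() == sub_scope}
    granted = {a["roleDefinitionName"] for a in assignments}
    return sorted(REQUIRED_ROLES - at_sub), sorted(granted - REQUIRED_ROLES)

def days_until_expiry(credentials, now):
    """Days until the latest-expiring client secret lapses; None if no secret exists."""
    ends = [datetime.fromisoformat(c["endDateTime"].replace("Z", "+00:00"))
            for c in credentials]
    return (max(ends) - now).days if ends else None

# Constructed sample input: placeholder subscription ID, one required role
# missing, and one over-privileged assignment at resource-group scope.
SAMPLE_SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE_ASSIGNMENTS = json.loads("""[
  {"roleDefinitionName": "Security Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"}
]""")
SAMPLE_CREDS = json.loads("""[
  {"displayName": "cspm-secret", "endDateTime": "2024-05-01T00:00:00Z"}
]""")

if __name__ == "__main__":
    missing, extra = audit_roles(SAMPLE_ASSIGNMENTS, SAMPLE_SUB)
    print("Missing required roles:", missing or "none")
    print("Roles beyond the two readers:", extra or "none")
    left = days_until_expiry(SAMPLE_CREDS, datetime.now(timezone.utc))
    print("Days until client secret expires:", left)
```

A non-empty second list means the application holds more than the two reader roles that this procedure grants.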

Step 4: Provide your Azure credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select Cloud Security Posture Management.

  5. In the cloud services list, click Azure CSPM.

  6. On the Add Account page, configure these settings:

  7. Click Test and submit credentials.
