Microsoft Azure CSPM — Script Configuration
Updated Nov 2, 2023
Configure Microsoft Azure for Arctic Wolf CSPM using a Terraform script
You can configure Azure® for Arctic Wolf® Cloud Security Posture Management (CSPM) using a Terraform® script.
Note: Multi-subscription and multi-tenant configurations are not supported.
Requirements
- A valid Arctic Wolf® Managed Risk license
- These tools:
  - Terraform binary version 1.3.7 or newer
    Tip: Run this command to verify your existing Terraform version:
    terraform version
  - CSPM Azure Terraform script
- A user principal with the Global Administrator role
Steps
For each subscription or tenant you want to scan, complete these steps:
Step 1: Configure the CSPM Terraform script
- Sign in to the Azure Portal.
- In the navigation menu, click Cloud Shell.
- If this is your first time using Azure Cloud Shell, complete these steps:
  Note: This may result in subscription fees.
  - Select the subscription used to create the storage account and file share.
  - Click Create storage.
- Choose either Bash or PowerShell as your command line environment.
- Run this command to verify that you are using the Azure subscription you want to run Terraform with:
  az account show
  Note: If the Azure subscription is incorrect, see the Microsoft documentation for Terraform configuration in Azure Cloud Shell for steps to authenticate with a different subscription.
- Run this command to initialize Terraform:
  terraform init
- Run these commands to confirm that the module is configured correctly:
  terraform validate
  terraform plan
  terraform apply
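A pre-flight check for the steps above, as an added example that is not part of the Arctic Wolf script or documentation: it confirms that Terraform meets the 1.3.7 minimum and that the active subscription is the intended one before terraform init runs. It assumes the Bash environment in Cloud Shell; the function names and the placeholder subscription ID are hypothetical.

```shell
# Added example (not from the CSPM script): pre-flight checks for Step 1.
MIN_TF_VERSION="1.3.7"   # minimum Terraform version from the Requirements list

# version_ge A B: succeeds when dotted version A >= B. Fields are compared
# as numbers, so 1.10.0 ranks above 1.3.7 (a plain string compare would not).
# Suffixes such as "-rc1" are ignored.
version_ge() {
  v1=$1; v2=$2
  for n in 1 2 3; do
    f1=${v1%%.*}; f2=${v2%%.*}
    f1=${f1%%[!0-9]*}; f2=${f2%%[!0-9]*}
    if [ "${f1:-0}" -gt "${f2:-0}" ]; then return 0; fi
    if [ "${f1:-0}" -lt "${f2:-0}" ]; then return 1; fi
    case $v1 in *.*) v1=${v1#*.} ;; *) v1=0 ;; esac
    case $v2 in *.*) v2=${v2#*.} ;; *) v2=0 ;; esac
  done
  return 0
}

# Reads `terraform version` output on stdin and prints the bare version number.
parse_tf_version() {
  sed -n '1s/^Terraform v\([0-9][0-9.]*\).*/\1/p'
}

# preflight EXPECTED_SUBSCRIPTION_ID
# Returns non-zero if Terraform is too old or the wrong subscription is active.
preflight() {
  expected_sub=$1
  tf_ver=$(terraform version | parse_tf_version)
  if ! version_ge "${tf_ver:-0}" "$MIN_TF_VERSION"; then
    echo "Terraform ${tf_ver:-unknown} is older than $MIN_TF_VERSION" >&2
    return 1
  fi
  active_sub=$(az account show --query id --output tsv) || return 1
  if [ "$active_sub" != "$expected_sub" ]; then
    echo "Active subscription $active_sub does not match $expected_sub" >&2
    return 1
  fi
  echo "OK: Terraform $tf_ver, subscription $active_sub"
}

# Usage, with a placeholder subscription ID (hypothetical value):
#   preflight 00000000-0000-0000-0000-000000000000 && terraform init
```

Because the script creates credentials in whichever subscription is active, stopping on a mismatch here avoids having to clean up an application registration in the wrong one.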
Step 2: Provide your Azure credentials to Arctic Wolf
- Sign in to the Arctic Wolf Unified Portal.
- In the menu bar, click Telemetry Management > Connected Accounts.
- Click Add Account +.
- On the Add Account page, in the Account Type list, select Cloud Security Posture Management.
- In the Cloud Services list, select Azure CSPM.
- On the Add Account page, configure these settings:
  Tip: To retrieve these values at any time, see Retrieve environment values for more information.
  - Account Name — Enter a unique and descriptive name for the account.
  - Directory ID — Enter the directory ID from the command output in Configure the CSPM Terraform script.
  - Application ID — Enter the application ID from the command output in Configure the CSPM Terraform script.
  - Subscription ID — Enter the subscription ID from the command output in Configure the CSPM Terraform script.
  - Secret Key — Enter the secret key from the command output in Configure the CSPM Terraform script.
  - Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.
- Click Test and submit credentials.
After your Concierge Security® Team (CST) adds this account to your scan configuration, the connected account changes to Healthy.
Next steps
- Complete Enable Terraform debugging.