Configure Microsoft Azure for Arctic Wolf CSPM using a Terraform script

You can configure Azure® for Arctic Wolf® Cloud Security Posture Management (CSPM) using a Terraform® script.

Requirements

• A valid Arctic Wolf® Managed Risk license
• These tools:
  • Terraform binary version 1.3.7 or newer

    Tip: Run terraform version to verify your existing Terraform version.

  • CSPM Azure Terraform script
• A user principal role with the Global Administrator role

Steps

For each subscription or tenant you want to scan, complete these steps:

1. Configure the CSPM Terraform script.
2. Provide your Azure credentials to Arctic Wolf.

Step 1: Configure the CSPM Terraform script

1. Sign in to the Azure Portal.

2. In the navigation menu, click Cloud Shell.

3. If this is your first time using Azure Cloud Shell, complete these steps:

   Note: This may result in subscription fees.

   1. Select the subscription used to create the storage account and file share.
   2. Click Create storage.

4. Choose either Bash or PowerShell as your command line environment.

5. Run this command to verify that you are using the Azure subscription you want to run Terraform with:

   Note: If the Azure subscription is incorrect, see the Microsoft documentation for Terraform configuration in Azure Cloud Shell for steps to authenticate with a different subscription.

   az account show

6. Run this command to initialize Terraform:

   terraform init

7. Run these commands to confirm that the module is configured correctly:

   terraform validate
   terraform plan
   terraform apply

Step 2: Provide your Azure credentials to Arctic Wolf

1. Sign in to the Arctic Wolf Unified Portal.

2. In the menu bar, click Telemetry Management > Connected Accounts.

3. Click Add Account +.

4. On the Add Account page, in the Account Type list, select Cloud Security Posture Management.

5. In the Cloud Services list, select Azure CSPM.

6. On the Add Account page, configure these settings:

   Tip: To retrieve these values at any time, see Retrieve environment values for more information.

   • Account Name — Enter a unique and descriptive name for the account.
   • Directory ID — Enter the directory ID from the command output in Configure the CSPM Terraform script.
   • Application ID — Enter the application ID from the command output in Configure the CSPM Terraform script.
   • Subscription ID — Enter the subscription ID from the command output in Configure the CSPM Terraform script.
   • Secret Key — Enter the secret key from the command output in Configure the CSPM Terraform script.
   • Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.

7. Click Test and submit credentials.

After your Concierge Security® Team (CST) adds this account to your scan configuration, the connected account changes to Healthy.

Next steps

• Complete Enable Terraform debugging.

See also

• Terraform documentation
• Configure Azure cloud monitoring