NG SIEM - Azure CSPM Integration

This manual explains how to get started monitoring the security posture of your Azure CSP using the Cloud Security Posture Management (CSPM) feature. 

 Requirements 

 

 

 The user who gives the CSPM integration permissions in Azure must be an Azure subscription  admin . 

 

 

 Setup 

 Service principal with client secret

 

 Before using this method, you must have set up a  Microsoft Entra application  and  service principal that can access resources . Please go   here  before following the steps below. 

 

 

 The following information is required. 

 

 Directory  (tenant) ID  and  Application (client) ID 

 

 To get these values: 

 

 Go to the  Registered apps  section of Microsoft Entra ID. 

 Click on  New Registration , name your app and click  Register . 

 Copy your new app’s  Directory (tenant) ID  and  Application (client) ID .  

 

 

 

 

 Client Secret 

 

 In Azure portal, select  Certificates & secrets , then go to the  Client secrets  tab. Click  New client secret . 

 Copy the new secret. 

 

 

 

 

 Return to Azure. Go to your Azure subscription list and select the subscription or management group you want to monitor with CSPM. 

 Go to  Access control (IAM)  and select  Add Role Assignment . 

 Select the  Reader  function role, assign access to  User, group, or service principal , and select your new app. 

 

 

 Please saved and provide this values to AQUILA Support Team. 

 

 Directory (tenant) ID 

 Application (client) ID 

 

 Client Secret Value: 

 

 

 

 

 If you need further  assistance , kindly contact support@cytechint.com  for prompt  assistance  and guidance.