This section describes how securiCAD can be used to analyze your Azure environments. In short, securiCAD can analyze your Azure environment by collecting data from the environment which is then used to perform attack simulations in the securiCAD Enterprise software.
To collect the Azure infrastructure configuration needed for creating a securiCAD model (digital twin), an Azure reader role needs to be added in the Azure subscription, which is then used through the SDK to fetch the configuration. You can do that using an Azure app registration.
- In the Azure console, create a new App Registration and give it a suitable name, e.g.
- Supported account types should be Accounts in this organizational directory only.
- Collect the individual keys for the fetcher to be able to access the Azure APIs. The image below shows the different keys you need. You also need to create a Client Secret.
- Creating the Client Secret
First go into client credentials shown here:
New client secret as shown here:
The keys generated should then be stored in a secure place for further use.
Next, collect all the keys in one place and keep them safe, since you can now extract the information on your Azure environment with them.
The keys needed for extraction are Subscription ID, Directory (Tenant) ID, Application Registration Client ID and Secret.
They will then be prepared in a bash script file like this:
export AZURE_SUBSCRIPTION_ID='xxx'
export AZURE_TENANT_ID='xxx'
export AZURE_CLIENT_ID='xxx'
export AZURE_CLIENT_SECRET='xxx'
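A preflight check for that file, added here as an example (it is not part of securiCAD or the collector): it confirms the file is accessible only to its owner, that the three IDs are GUIDs, and that the secret is no longer the 'xxx' placeholder. The file name azure_env.sh and the function names are assumptions, since the page does not name the script.

```shell
#!/bin/sh
# Added example: validate the credentials file before sourcing it for the collector.
# Usage (file name is an assumption): check_azure_env ./azure_env.sh && . ./azure_env.sh

# Succeeds if $1 has the 8-4-4-4-12 hex layout used by Azure IDs.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'
}

# Returns 0 if the file is private and all four variables look usable,
# otherwise prints the first problem to stderr and returns 1.
# The body is a subshell, so the secret never enters the caller's environment.
check_azure_env() (
  file="$1"
  case "$file" in */*) ;; *) file="./$file" ;; esac  # keep "." from searching PATH
  [ -f "$file" ] || { echo "missing file: $file" >&2; exit 1; }

  # Characters 5-10 of the ls mode string are the group and other permission bits.
  perms=$(ls -ld "$file" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "$file is accessible to group/other; run: chmod 600 $file" >&2
    exit 1
  fi

  # Ignore values inherited from the calling shell; only the file counts.
  unset AZURE_SUBSCRIPTION_ID AZURE_TENANT_ID AZURE_CLIENT_ID AZURE_CLIENT_SECRET
  . "$file" || exit 1

  for name in AZURE_SUBSCRIPTION_ID AZURE_TENANT_ID AZURE_CLIENT_ID; do
    eval "value=\${$name}"   # name comes from the fixed list above
    is_guid "$value" || { echo "$name is missing or not a GUID" >&2; exit 1; }
  done

  if [ -z "$AZURE_CLIENT_SECRET" ] || [ "$AZURE_CLIENT_SECRET" = "xxx" ]; then
    echo "AZURE_CLIENT_SECRET is empty or still the placeholder" >&2
    exit 1
  fi
)
```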
The securiCAD Azure Collector collects environment information from the Azure APIs and stores the result in a JSON file. To gain access to the Azure APIs, the securiCAD Azure Collector needs to be configured with the credentials of the reader App Registration described above.
Install the securiCAD-azure-collector using git:
$ git clone https://github.com/foreseeti/securicad-azure-collector
Install the securicad-azure-collector with pip:
$ pip install securicad-azure-collector
Below are a few examples of how to run the securiCAD Azure Collector. The script stores the collected data in a file named active_directory.json. Find more examples and options here.