...
An Azure AD Application with the role of Security Reader. The application provides Blue Hexagon access to scan for cloud resource and service misconfigurations, suboptimal security policies, etc.
An Azure Function that ingests NSG Flow Logs and Azure Activity Logs and sends them to the Blue Hexagon SaaS portal for analytics.
...
Create an Azure storage account by following the steps here.
Enable NSG Flow Logs for all your network security groups.
Blue Hexagon ingests Azure Activity Logs from a blob container in an Azure storage account located in the same region as the terraform module deployed below (see the location variable in terraform.tfvars). To deliver Azure Activity Logs to a storage account:
Create an Azure storage account by following the steps here.
Enable Activity Logs and send them to the storage account by following the steps here.
Deploy Terraform Module
The most convenient way to deploy the terraform module is via Azure Cloud Shell using a bash terminal.
...
project, environment
    Can be named per your enterprise application naming conventions. Note that Azure naming conventions and character limits will apply; it is recommended to keep these variables short, with only lowercase letters and numbers.
location
    Set to the region in which you wish to deploy Blue Hexagon, e.g. westus2.
bh_license
    Set to the Blue Hexagon for Azure SaaS license.
enable_audit
    Set to true (default) to create the Security Audit app to uncover misconfigurations. Set to false to not create the Security Audit app.
flow_logs_storage_connection_string
    Set to the connection string for the Azure storage account where NSG Flow Logs are delivered. See screenshot below for where you can find the connection string. Leave this blank ("") if you do not wish to process flow logs.
activity_logs_storage_connection_string
    Set to the connection string for the Azure storage account where Azure Activity Logs are delivered. See screenshot below for where you can find the connection string. Leave this blank ("") if you do not wish to process activity logs.
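As an added example (this script is not part of the Blue Hexagon module or its documentation), the following bash script, intended for the same Cloud Shell session, checks the inputs described above before writing terraform.tfvars, so a name that violates the lowercase-letters-and-digits convention or a mistyped connection string fails here rather than partway through terraform apply. The script name make_tfvars.sh, the environment variable names (PROJECT, ENVIRONMENT, LOCATION, BH_LICENSE, ENABLE_AUDIT, FLOW_CS, ACTIVITY_CS), the 10-character length cap, and the regular expression used to sanity-check a storage connection string are all this example's own assumptions, not values taken from the module.

```shell
#!/usr/bin/env bash
# Added example, not Blue Hexagon's code: validates the terraform.tfvars inputs
# documented above and writes the file. The length cap and the connection
# string pattern are assumptions chosen for this example.
set -euo pipefail

# project / environment: lowercase letters and digits only, kept short so the
# Azure resource names derived from them stay within their character limits.
valid_name() {
  local v="$1"
  [ "${#v}" -ge 1 ] && [ "${#v}" -le 10 ] && printf '%s' "$v" | grep -Eq '^[a-z0-9]+$'
}

# Region name in the form used in tfvars, e.g. westus2 (lowercase, no spaces).
valid_location() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]+$'
}

# Connection strings: an empty string disables that log source; otherwise the
# value must carry the AccountName=...;AccountKey=... pair an Azure storage
# connection string contains (sanity check, not Azure's full grammar).
valid_conn_string() {
  local s="$1"
  [ -z "$s" ] && return 0
  printf '%s' "$s" | grep -Eq '(^|;)AccountName=[a-z0-9]{3,24}(;|$)' &&
    printf '%s' "$s" | grep -Eq '(^|;)AccountKey=[^;]+(;|$)'
}

# Values are interpolated into quoted HCL strings: refuse characters that would
# need escaping instead of trying to escape them.
hcl_safe() {
  case "$1" in *'"'*|*'\'*|*'$'*) return 1;; esac
  return 0
}

# write_tfvars OUTFILE PROJECT ENVIRONMENT LOCATION LICENSE ENABLE_AUDIT FLOW_CS ACTIVITY_CS
write_tfvars() {
  local out="$1" project="$2" environment="$3" location="$4" license="$5"
  local audit="$6" flow_cs="$7" activity_cs="$8"

  valid_name "$project"       || { echo "project: use 1-10 lowercase letters/digits" >&2; return 1; }
  valid_name "$environment"   || { echo "environment: use 1-10 lowercase letters/digits" >&2; return 1; }
  valid_location "$location"  || { echo "location: expected a region like westus2" >&2; return 1; }
  [ -n "$license" ]           || { echo "bh_license must not be empty" >&2; return 1; }
  case "$audit" in true|false) ;; *) echo "enable_audit must be true or false" >&2; return 1;; esac
  valid_conn_string "$flow_cs"     || { echo "flow_logs_storage_connection_string looks malformed" >&2; return 1; }
  valid_conn_string "$activity_cs" || { echo "activity_logs_storage_connection_string looks malformed" >&2; return 1; }
  for v in "$license" "$flow_cs" "$activity_cs"; do
    hcl_safe "$v" || { echo "value contains a character that cannot be placed in an HCL string" >&2; return 1; }
  done

  # Strings are quoted for HCL; enable_audit is a bare boolean.
  cat > "$out" <<EOF
project                                 = "$project"
environment                             = "$environment"
location                                = "$location"
bh_license                              = "$license"
enable_audit                            = $audit
flow_logs_storage_connection_string     = "$flow_cs"
activity_logs_storage_connection_string = "$activity_cs"
EOF
  # The file now holds storage account keys: limit it to the current user.
  chmod 600 "$out"
}

# Usage (connection strings come from the environment rather than being typed
# inline, so they stay out of the shell history):
#   MAKE_TFVARS=1 BH_LICENSE=... FLOW_CS="$(cat flow.cs)" ACTIVITY_CS="" bash make_tfvars.sh
if [ "${MAKE_TFVARS:-0}" = "1" ]; then
  write_tfvars terraform.tfvars "${PROJECT:-bhx}" "${ENVIRONMENT:-prod}" "${LOCATION:-westus2}" \
    "${BH_LICENSE:?BH_LICENSE is required}" "${ENABLE_AUDIT:-true}" "${FLOW_CS:-}" "${ACTIVITY_CS:-}"
fi
```

The resulting terraform.tfvars contains storage account keys, so keep it out of version control and out of any shared Cloud Shell file share; Terraform also accepts each value through a TF_VAR_ prefixed environment variable if you prefer not to write the keys to disk at all.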
Step 5: Run the following commands to deploy the module in each Azure subscription as needed.
...
Step 6: If terraform apply runs successfully, and the created application registers with Blue Hexagon, you should see the following outputs.
If enable_audit is set to true:
...
If enable_audit is set to false:
...
To destroy the module and delete the Blue Hexagon security application and log processor, run:
...