...

  • An Azure AD Application with the role of Security Reader. The application provides Blue Hexagon access to scan for cloud resource and service misconfigurations, suboptimal security policies, etc.

  • An Azure Function that ingests NSG Flow Logs and Azure Activity Logs and sends them to the Blue Hexagon SaaS portal for analytics.

...

  1. Create Azure storage account by following the steps here.

  2. Enable NSG Flow Logs for all your network security groups.

    1. Method 1: Enable flow logs for each individual network security group as described here.

    2. Method 2: Use the built-in Azure Policy policy to enable flow logs automatically for all network security groups as described here.

Azure Activity Logs Delivered to Storage Account Blob

Blue Hexagon ingests Azure Activity Logs from a blob container in an Azure storage account located in the same region in which the terraform module is deployed (see the location variable in terraform.tfvars below). To deliver Azure Activity Logs to a storage account:

  1. Create Azure storage account by following the steps here.

  2. Enable Activity Logs and send them to the storage account by following the steps here.

Deploy Terraform Module

The most convenient way to deploy the terraform module is via Azure Cloud Shell using a bash terminal.

...

  1. project and environment: name these per your enterprise application naming conventions. Azure naming conventions and character limits apply, so keep both values short, using only lowercase letters and numbers.

  2. location: the region in which you wish to deploy Blue Hexagon, e.g. westus2.

  3. bh_license: your Blue Hexagon for Azure SaaS license.

  4. enable_audit: true (default) creates the Security Audit app that uncovers misconfigurations; false skips creating it.

  5. flow_logs_storage_connection_string: the connection string of the Azure storage account to which NSG Flow Logs are delivered (see the screenshot below for where to find it). Leave this blank ("") if you do not wish to process flow logs.

  6. activity_logs_storage_connection_string: the connection string of the Azure storage account to which Azure Activity Logs are delivered (see the screenshot below for where to find it). Leave this blank ("") if you do not wish to process activity logs.
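A pre-apply check for the terraform.tfvars values described above, added here as an example (it is not part of the Blue Hexagon module): it parses the flat key = value file, enforces the lowercase-letters-and-digits rule for project and environment, requires location and bh_license, and verifies that each non-blank connection string carries the AccountName and AccountKey fields of an Azure storage connection string. The sample file, license and account key are constructed placeholders.

```python
import re
# Matches the flat `key = value` lines this module's terraform.tfvars uses
# (quoted strings and bare true/false); blank lines and # comments are skipped.
_LINE = re.compile(r'^\s*(\w+)\s*=\s*("(?:[^"\\]|\\.)*"|true|false)\s*(?:#.*)?$')
_NAME = re.compile(r'^[a-z0-9]+$')  # page rule: lowercase letters and numbers only
_CONN_STRINGS = ("flow_logs_storage_connection_string",
                 "activity_logs_storage_connection_string")

# Constructed sample: the license and storage account key are placeholders.
SAMPLE_TFVARS = """
project      = "acme"
environment  = "prod"
location     = "westus2"
bh_license   = "LICENSE-PLACEHOLDER"
enable_audit = true
flow_logs_storage_connection_string     = "DefaultEndpointsProtocol=https;AccountName=acmeflowlogs;AccountKey=PLACEHOLDERKEY==;EndpointSuffix=core.windows.net"
activity_logs_storage_connection_string = ""
"""

def parse_tfvars(text):
    """Parse the tfvars subset above into a dict of str/bool values."""
    values = {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        key, val = m.groups()
        values[key] = val[1:-1] if val.startswith('"') else val == "true"
    return values

def check_connection_string(cs):
    """'' means 'do not process these logs'; anything else must carry the
    AccountName and AccountKey fields of an Azure storage connection string."""
    if cs == "":
        return []
    fields = dict(p.split("=", 1) for p in cs.split(";") if "=" in p)
    return [f"missing {f}" for f in ("AccountName", "AccountKey") if not fields.get(f)]

def validate(values):
    """Return problems found; empty means the file passes. Messages never echo
    the connection strings themselves, since they carry the account key."""
    problems = []
    for key in ("project", "environment"):
        if not _NAME.match(str(values.get(key, ""))):
            problems.append(f"{key}: non-empty, lowercase letters and digits only")
    for key in ("location", "bh_license"):
        if not values.get(key):
            problems.append(f"{key}: must be set")
    for key in _CONN_STRINGS:
        problems += [f"{key}: {i}" for i in check_connection_string(values.get(key, ""))]
    return problems
```

Because the connection strings include the storage account key, keep terraform.tfvars out of version control and run this check locally rather than pasting the values elsewhere.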

Step 5: Run the following commands to deploy the module in each Azure subscription as needed.

...

Step 6: If terraform apply runs successfully, and the created application registers with Blue Hexagon, you should see the following outputs.

If enable_audit is set to true:

...

If enable_audit is set to false:

...

To destroy the module and delete the Blue Hexagon security application and log processor, run:

terraform destroy

...