AI You Can Trust™
Powered by Deep Learning
Azure
Getting Started
The first step to protecting your Azure cloud with Blue Hexagon Agentless Runtime Cloud Security powered by Deep Learning AI is to connect Blue Hexagon with your Azure subscription(s) by deploying a handy terraform module that automates the setup and management process.
To complete the steps below, you must have a valid Blue Hexagon SaaS license. Please contact your Blue Hexagon representative to obtain a license. You can request a free trial license here.
Deployment
You will be deploying the Blue Hexagon for Azure terraform module in your Azure environment. The module deploys:
An Azure AD Application with the role of Security Reader. The application provides Blue Hexagon access to scan for cloud resource and service misconfigurations, suboptimal security policies, etc.
An Azure Function that ingests NSG Flow Logs and sends them to the Blue Hexagon SaaS portal for analytics.
You must have Azure administrator or equivalent credentials for the subscriptions you wish to protect in order to complete the steps below.
Prerequisites
Azure Cloud Shell already has the tool prerequisites installed, and may be the preferred environment for deploying the terraform module below. If you are going to use Azure Cloud Shell, you can skip ahead to Deploy Terraform Module.
Install the following prerequisites as needed for your platform (Windows, Mac, Linux).
Terraform
https://www.terraform.io/downloads.html
Purpose: Create and manage the Blue Hexagon for Azure infrastructure.
az cli
https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli
Purpose: Deploy the infrastructure to your Azure subscription.
az func tools
Purpose: Deploy the log processor Azure Function.
python3
https://www.python.org/downloads/
Purpose: Auto-register the Blue Hexagon security application created in Azure AD.
NSG Flow Logs Delivered to Storage Account Blob
Blue Hexagon ingests NSG Flow Logs from an Azure storage account blob container in the same region as the one where the terraform module is deployed below (see the location variable in terraform.tfvars). There are a couple of different ways to enable Flow Logs, both of which first require that an Azure storage account be created.
Create Azure storage account by following the steps here.
Enable NSG Flow Logs for all your network security groups.
Deploy Terraform Module
The most convenient way to deploy the terraform module is via Azure Cloud Shell using a bash terminal.
Step 1: Launch Cloud Shell.
Step 2: Download the terraform module bluehexagon_azure.zip from here, and upload to Cloud Shell.
Step 3: Unzip bluehexagon_azure.zip, entering the password provided by your Blue Hexagon representative to extract the archive.
Step 4: Modify terraform.tfvars, specifically the following variables:
project and environment: can be named per your enterprise application naming conventions. Note that Azure naming conventions and character limits will apply; it is recommended to keep these variables short, with only lowercase letters and numbers.
location: set to the region in which you wish to deploy Blue Hexagon, e.g. westus2.
bh_license: set to the Blue Hexagon for Azure SaaS license.
enable_audit: set to true (default) to create the Security Audit app that uncovers misconfigurations. Set to false to not create the Security Audit app.
flow_logs_storage_connection_string: set to the connection string for the Azure storage account where NSG Flow Logs are delivered. See the screenshot below for where you can find the connection string. Leave this blank ("") if you do not wish to process flow logs.
activity_logs_storage_connection_string: set to the connection string for the Azure storage account where Azure Activity Logs are delivered. See the screenshot below for where you can find the connection string. Leave this blank ("") if you do not wish to process activity logs.
Step 5: Run the following commands to deploy the module in each Azure subscription as needed.
terraform init
terraform apply -auto-approve
Step 6: If terraform apply runs successfully, and the created application registers with Blue Hexagon, you should see the following outputs.
If enable_audit is set to true:
If enable_audit is set to false:
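The following is an added example, not part of the Blue Hexagon module or its documentation. It covers Steps 4 and 5 above: a pre-flight check that the values in terraform.tfvars satisfy the rules stated there (short lowercase alphanumeric project and environment names, a region, a license, a true/false enable_audit, and connection strings that are either empty or shaped like Azure storage connection strings), a helper that fetches a storage account's connection string with az cli for the two connection-string variables, and a loop that runs terraform init and apply once per subscription. All function names (bh_*) and the 12-character name cap are assumptions; the sample tfvars it writes uses placeholder values, not real credentials.

```shell
#!/usr/bin/env bash
# Added example (not Blue Hexagon's own tooling). Function names and the
# 12-character name limit are assumptions chosen for this illustration.
set -u

# project/environment: lowercase letters and digits only, kept short so Azure
# resource-name limits are not hit when the module prefixes names with them.
bh_check_name() {
  local value="$1"
  [ -n "$value" ] || return 1
  [ "${#value}" -le 12 ] || return 1
  case "$value" in
    *[!a-z0-9]*) return 1 ;;
  esac
  return 0
}

# Connection strings: empty means "do not process these logs" and is valid;
# anything else must carry AccountName plus an AccountKey or a SAS token.
bh_check_conn_string() {
  local value="$1"
  [ -z "$value" ] && return 0
  case "$value" in
    *AccountName=*AccountKey=*|*AccountName=*SharedAccessSignature=*) return 0 ;;
    *) return 1 ;;
  esac
}

# Read one variable from a tfvars file (assumes the simple  name = "value"  form).
bh_tfvar() {
  local file="$1" name="$2"
  sed -n -E "s/^[[:space:]]*${name}[[:space:]]*=[[:space:]]*\"?([^\"]*)\"?[[:space:]]*\$/\1/p" "$file" | head -n 1
}

# Run every check from Step 4 against a tfvars file; report each failure on
# stderr and return 1 if any check failed, 0 if the file is ready to apply.
bh_preflight() {
  local file="$1" rc=0 name v
  for name in project environment; do
    v="$(bh_tfvar "$file" "$name")"
    bh_check_name "$v" || { echo "$name: '$v' must be short, lowercase letters and digits only" >&2; rc=1; }
  done
  v="$(bh_tfvar "$file" location)"
  [ -n "$v" ] || { echo "location: must be set (e.g. westus2)" >&2; rc=1; }
  v="$(bh_tfvar "$file" bh_license)"
  [ -n "$v" ] || { echo "bh_license: must be set" >&2; rc=1; }
  v="$(bh_tfvar "$file" enable_audit)"
  case "$v" in true|false) ;; *) echo "enable_audit: must be true or false" >&2; rc=1 ;; esac
  for name in flow_logs_storage_connection_string activity_logs_storage_connection_string; do
    v="$(bh_tfvar "$file" "$name")"
    bh_check_conn_string "$v" || { echo "$name: not a storage connection string (leave \"\" to disable)" >&2; rc=1; }
  done
  return "$rc"
}

# Fetch the connection string of the storage account that receives the logs,
# for pasting into the tfvars variable (requires az cli; not run at load time).
bh_storage_connection_string() {
  az storage account show-connection-string \
    --name "$1" --resource-group "$2" --query connectionString -o tsv
}

# Step 5 across several subscriptions: select each with az, then init/apply.
# Requires az cli and terraform on PATH; not run at load time.
bh_apply_subscriptions() {
  local sub
  for sub in "$@"; do
    az account set --subscription "$sub" || return 1
    terraform init -input=false || return 1
    terraform apply -auto-approve -input=false || return 1
  done
}

# Constructed sample tfvars with placeholder values (no real license or key).
bh_write_sample_tfvars() {
  cat > "$1" <<'EOF'
project      = "bhex"
environment  = "prod"
location     = "westus2"
bh_license   = "<BH-LICENSE-PLACEHOLDER>"
enable_audit = true
flow_logs_storage_connection_string     = "DefaultEndpointsProtocol=https;AccountName=examplelogs;AccountKey=<KEY-PLACEHOLDER>;EndpointSuffix=core.windows.net"
activity_logs_storage_connection_string = ""
EOF
}

# Usage (manual run):
#   bh_write_sample_tfvars terraform.tfvars   # or edit the file from the zip
#   bh_preflight terraform.tfvars && bh_apply_subscriptions "<SUBSCRIPTION-ID>"
```

Because terraform.tfvars carries the license and storage account keys, keep it out of version control and out of shared Cloud Shell storage once the apply has finished; the pre-flight only checks the shape of the values, never prints them.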
To destroy the module and delete the Blue Hexagon security application and log processor, run:
terraform destroy
Next Steps
Verify and View Data in the Blue Hexagon Portal
Once deployed, Blue Hexagon will start the security audit of your Azure subscriptions and surface NSG Flow Logs records, insights, and security findings in the Blue Hexagon portal. Information will appear in the portal within several minutes, depending on the size of your Azure environment.
NG-NDR Add-On Pack
If you have a packet broker such as Keysight Ixia CloudLens or Azure VTAP, you can add the Blue Hexagon NG-NDR pack as described here.