How to install a Scanner Appliance on Azure (beta)

Holm Security have developed a Scanner Appliance image for Microsoft Azure.

The image is distributed as an Azure Virtual Machine Image and allows any of our customers to spin up a Scanner appliance within their own Azure account. 

Because Azure has no UI support for sharing images, the customer has to use a set of Azure CLI commands to initiate a Scanner Appliance in Azure. To make this as easy as possible, we provide a single script that runs the majority of these commands automatically.

Preparation for the Scanner appliance in Security Center

Make sure you have added a new Cloud Azure scanner appliance in Security Center. 

Note down the token that you received; it will be used when initiating the virtual machine in Azure.

Steps to set up Scanner appliance in Azure

  1. Make sure you have access to Azure CLI or Azure Web CLI. 
    1. To use Azure Web CLI, run "pip install azure-cli" before anything else.
      Read more:
      https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-apt?view=azure-cli-latest
    2. To execute this locally, make sure you can execute bash scripts and have Azure CLI installed. 
  2. Share the following information with support@holmsecurity.com (where the Scanner Appliance will run in your Azure account):
    • Azure Region name (e.g. Northern Europe)
  3. Wait for confirmation from Support that the Scanner Appliance image is ready within your region.
  4. Support will share the information required to initiate the Scanner Appliance.

Find your Azure tenant ID (aka customer tenant id)

  1. Go to Azure portal home and search for "Active Directory".
  2. Go to Manage / Properties
  3. Copy "Directory ID"
    1. Directory ID is what we refer to as the customer tenant id

Allow your Azure account to access Scanner Appliance image from Holm Security

  1. Replace the Customer tenant ID (Azure tenant ID) and the AppID you received from support in the link below.
  2. Visit the below link once you have replaced the proper values. This will enable the access required.

Once the link has been visited, log in to your Azure account and perform the following steps:

  1. Select (or create) the resource group on your Azure account which will be used to initiate Holm Security Scanner Appliance 
  2. In the resource group, select Access control (IAM), click on Add and select Add role assignment
  3. Fill in the following fields:
    1. Role = "Contributor"
    2. Access to = "Azure AD user, group, or service principal"
    3. In the third field, select the target scannershare (this name comes from Holm Security Azure account)
    4. Save

Steps to initiate Scanner Appliance as a virtual machine (VM) in Azure

Prerequisites

  1. Support have shared a link to download the script named start_scanner.sh, which runs the required Azure CLI commands to initiate the Scanner Appliance as a VM.
  2. Support have shared the information required to be used as input arguments to this script. 

Steps to proceed:

  1. Download start_scanner.sh using the link provided by Support (e.g. using wget)
  2. Input arguments with required customer information
    • vm-name
      Name of the VM that is initiated with the Scanner Appliance
    • rg-name
      Resource group name created in customer Azure account 
    • cust-tenant
      Customer tenant ID which was identified in a previous step
    • vm-size
      Valid Azure VM size ID. Default is Standard_B2ms
    • probe-token
      Scanner appliance token from the entry in Security Center 
  3. Proceed to execute start_scanner.sh
    • Note: Please ensure that no special characters are used in the VM name, as they might lead to validation errors
    • To receive more information about the input arguments you can run:
      sh ./start_scanner.sh --help

Example command:

sh ./start_scanner.sh --cust-tenant="nnn-n-n-n-nnn" --holm-tenant="nnn-n-n-n-nnn" --app-id="nnn-n-n-n-nnn" --secret-token="xyz" --vm-name="example-vm-holm" --rg-name="abc" --image-url="/insert/image/url" --probe-token="yyyyyy"
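
The following wrapper is an added example, not part of start_scanner.sh or any Holm Security code. It checks the VM name and customer tenant ID before the script is called and reads the probe token from an environment variable so that it does not end up in shell history. The function names, the HOLM_PROBE_TOKEN variable and the conservative VM-name rule (1-64 letters, digits or hyphens) are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the start_scanner.sh arguments.
# Function names and HOLM_PROBE_TOKEN are hypothetical, not part of the script.
LC_ALL=C; export LC_ALL   # make A-Z / a-z ranges ASCII-only

# Azure tenant (Directory) IDs are GUIDs: 8-4-4-4-12 hex digits.
is_guid() {
    case "$1" in *[!0-9A-Fa-f-]*) return 1 ;; esac   # also rejects newlines
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# Assumed conservative rule: 1-64 letters, digits or hyphens,
# with no hyphen at the start or end.
is_safe_vm_name() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 64 ] || return 1
    case "$1" in *[!A-Za-z0-9-]*|-*|*-) return 1 ;; esac
}

# preflight VM_NAME RG_NAME CUST_TENANT
# Prints one line per problem; the return status is the number of problems.
preflight() {
    problems=0
    is_safe_vm_name "$1" || {
        echo "vm-name: use 1-64 letters, digits or hyphens"
        problems=$((problems + 1)); }
    [ -n "$2" ] || {
        echo "rg-name: must not be empty"
        problems=$((problems + 1)); }
    is_guid "$3" || {
        echo "cust-tenant: expected the Directory ID (a GUID)"
        problems=$((problems + 1)); }
    [ -n "${HOLM_PROBE_TOKEN:-}" ] || {
        echo "HOLM_PROBE_TOKEN: not set"
        problems=$((problems + 1)); }
    return "$problems"
}

# run_scanner VM_NAME RG_NAME CUST_TENANT [arguments from Support...]
# The token is taken from the environment, which keeps it out of shell
# history; it is still visible in the process list while the script runs.
run_scanner() {
    preflight "$1" "$2" "$3" >&2 || return 1
    vm=$1 rg=$2 tenant=$3; shift 3
    sh ./start_scanner.sh --vm-name="$vm" --rg-name="$rg" \
        --cust-tenant="$tenant" --probe-token="$HOLM_PROBE_TOKEN" "$@"
}
```

Source this file, export HOLM_PROBE_TOKEN, then call run_scanner with the VM name, resource group and tenant ID. The values received from Support (--holm-tenant, --app-id, --secret-token and --image-url in the example command) go after the third argument and are forwarded unchanged.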

 
