Azure Active Directory 1.0.9

20 Mar 2023


tags: Python | Enrichment | Identity and Access Management


Description

Integration with Azure Active Directory supports CDC users by providing enrichments for specific users, members, devices, and domains via the REST API. This enables CDC users to make informed decisions regarding incident response.

Azure Active Directory is Microsoft's identity and access management solution. It provides single sign-on to cloud and on-premises applications and gives users a single identity with which to access the applications they need and collaborate from any platform and device. Azure Active Directory protects identities and streamlines IT processes. It is a universal identity platform that lets you securely engage with internal and external resources.

CyberProof has created actions to add, update, delete, and get details of a user, group of users, device, or domain - so that a CDC user can perform these actions on Azure Active Directory to get the required information in the CDC. Custom adaptive cards are extensively used to display the enriched information in the CDC. This integration enables us to perform automated tasks regarding Azure Active Directory management, if required.

Integration Type: Enrichment
Information Enriched: Identity and access of User, Group of Users, Device, Domain, etc.
API Supported: API v1.0
Input: User/Member/Device/Domain to be enriched.
Output: Detailed enriched information about the User/Member/Device/Domain provided in Input.

Customer Configuration

Azure Active Directory Integration needs to be configured with the Application Service on Azure.

Please follow these steps to create an AAD application.

  1. From your main Azure portal, go to Azure Active Directory.
  2. From the menu on the left-hand side of the screen for AAD, select App Registrations.
  3. Create a new AAD app. Name the application "CDCAAD Enrichment Interface".
  4. Copy the Application ID from the App Properties tab in your Apps menu.
  5. Next, associate this app with permissions to access Azure Active Directory; this is possible because the Azure Active Directory API Service Principal has been added to this tenant. Open the app you just created (accessible from the AAD menu via the App Registrations tab), click "Required Permissions", then "Add".
  6. Select Microsoft Graph.
  7. Select Application Permissions.
  8. Search, select, and assign the following permissions to this application:
     - Application: User.Read.All
     - Application: Group.Read.All
  9. Grant Admin Consent.
    To grant tenant-wide admin consent from App registrations:
    a. Select Azure Active Directory, then App registrations.
    b. Select the application to which you want to grant tenant-wide admin consent.
    c. Select API permissions and then click Grant admin consent for the relevant Tenant.
    d. This consent allows the CyberProof application to access the tenant according to the permissions set in step 8, which in our case are User.Read.All and Group.Read.All.
    e. Save this configuration.
  10. Create a Client Secret and save.
  11. Share the Azure Active Directory Application ID, Tenant ID, Client ID, and Client secret securely with the CDC Deployment team for further configuration of the pack.

| Parameter      | Required |
|----------------|----------|
| Application ID | True     |
| Tenant ID      | True     |
| Client ID      | True     |
| Client secret  | True     |

CDC Command Lines

* **get_device_cli**
The CDC command line for get-device, run in the CDC message thread.

| Option    | Type   | Description                            | Required |
|-----------|--------|----------------------------------------|----------|
| device_id | string | The device ID from Active Directory.   | True     |

* **get_group_cli**
The CDC command line for get-group, run in the CDC message thread.

| Option   | Type   | Description                          | Required |
|----------|--------|--------------------------------------|----------|
| group_id | string | Group ID from Azure Active Directory. | True     |

* **user_ex_cli**
The CDC command line for user_ex_formatter, run in the CDC message thread.

| Option | Type   | Description                                          | Required |
|--------|--------|------------------------------------------------------|----------|
| user   | string | The user ID/principal name from Active Directory.    | True     |

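The following is an added example, not the CyberProof pack's own code, of how the app registration above is used from Python: the Tenant ID, Client ID and Client secret from the Customer Configuration obtain a token with the OAuth2 client-credentials grant, and the three CDC commands map onto Microsoft Graph v1.0 resource paths. The HTTP transport is injectable so the request construction and error handling can be exercised offline; note that GET /devices is not covered by User.Read.All or Group.Read.All, so get_device additionally needs a device-scoped application permission such as Device.Read.All, which the permission list above does not include.

```python
"""Minimal Graph v1.0 enrichment client (added example, not the pack's code)."""
import json
import urllib.error
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
# Graph resource per CDC command. /devices needs Device.Read.All (or broader),
# which the page's permission list (User.Read.All, Group.Read.All) does not grant.
RESOURCES = {"get_device": "devices", "get_group": "groups", "user_ex": "users"}


def token_request(tenant_id: str, client_id: str, client_secret: str) -> tuple:
    """Build the client-credentials token request; application permissions are
    requested through the /.default scope of the Graph resource."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return url, body


def enrichment_url(command: str, object_id: str) -> str:
    """Graph URL for a CDC command; quote() stops an id from rewriting the path."""
    return f"{GRAPH}/{RESOURCES[command]}/{urllib.parse.quote(object_id, safe='')}"


def default_transport(url, body=None, headers=None):
    """Real HTTP transport: returns (status, raw_body) without raising on 4xx/5xx."""
    req = urllib.request.Request(url, data=body, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def enrich(command, object_id, tenant_id, client_id, client_secret,
           transport=default_transport):
    """Fetch one directory object; returns {'data': ...} or {'error': ...}."""
    url, body = token_request(tenant_id, client_id, client_secret)
    status, raw = transport(url, body, {"Content-Type": "application/x-www-form-urlencoded"})
    if status != 200:
        return {"error": f"token request failed (HTTP {status})"}
    token = json.loads(raw)["access_token"]  # never log this value
    status, raw = transport(enrichment_url(command, object_id), None,
                            {"Authorization": f"Bearer {token}"})
    if status == 404:
        return {"error": f"{command}: no object with id {object_id!r}"}
    if status in (401, 403):  # admin consent (step 9) or permission missing
        return {"error": f"{command}: access denied (HTTP {status}); check consent and permissions"}
    return {"data": json.loads(raw)} if status == 200 else {"error": f"{command}: HTTP {status}"}
```
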
Workflows

* **post_get_device**
Post formatted-get-device in the CDC, by the ID of the incident/message/channel.

* **post_get_group**
Post formatted-get-group in the CDC, by the ID of the incident/message/channel.

* **post_user_ex**
Post user_ex_formatter in the CDC, by the ID of the incident/message/channel.

* **user_ex_formatter**
Formats the information from Azure Active Directory about a user.


Rules

No rules


Sensors

No sensors


Triggers

No triggers


Known Issues

No known issues
