Azure Active Directory 1.0.9

tags: Python | Enrichment | Identity and Access Management

Description

Integration with Azure Active Directory supports CDC users by providing enrichments for specific users, members, devices, and domains via REST API. This enables CDC users to make informed decisions regarding incident response.

Azure Active Directory is Microsoft’s identity and access management solution. It combines easy single sign-on to any cloud and on-premises application. It gives users a single identity to access the applications they want, and collaborate from any platform and device. Azure Active Directory protects identities and streamlines IT processes. It is a universal identity platform that lets you securely engage with internal and external resources.

CyberProof has created actions to add, update, delete, and get details of a user, group of users, device, or domain - so that a CDC user can perform these actions on Azure Active Directory to get the required information in the CDC. Custom adaptive cards are extensively used to display the enriched information in the CDC. This integration enables us to perform automated tasks regarding Azure Active Directory management, if required.

Customer Configuration

Azure Active Directory Integration needs to be configured with the Application Service on Azure.

Please follow these steps to create an AAD application.

1. From your main Azure portal, go to Azure Active Directory.
2. From the menu on the left-hand side of the screen for AAD, select App Registrations.
3. Create a new AAD app. Name the application "CDCAAD Enrichment Interface".
4. Copy the Application ID from the App Properties tab in your Apps menu.
5. Next, we need to associate this app with permissions to access the Azure Active Directory, which we can do because we have added the Azure Active Directory API Service Principal to this tenant. Open the app you just created, accessible from the AAD menu via the App Registrations tab. Click "Required Permissions" then "Add".
6. Select Microsoft Graph.
7. Select Application Permissions.
8. Search, select, and assign the following permissions to this application:
   Application User.Read.All
   Application Group.Read.All
9. Grant Admin Consent.
   To grant tenant-wide admin consent from App registrations:
   a. Select Azure Active Directory, then App registrations.
   b. Select the application to which you want to grant tenant-wide admin consent.
   c. Select API permissions and then click Grant admin consent for the relevant Tenant.
   d. This permission allows the CyberProof application access tenant-wide, according to the permissions set in step 8, which in our case are User.Read.All and Group.Read.All
   e. Save this configuration.
10. Create a Client Secret and save.
11. Provide the Azure Active Directory Application ID, Tenant ID, Client ID, and Client secret in a secure way with the CDC Deployment team, for further configuration of the pack.

CDC Command Lines

* **get_device_cli**
The CLI of the CDC, of get-device in the CDC message thread.

* **get_group_cli**
The CLI of the CDC, of get-group in the CDC message thread.

* **user_ex_cli**
The CLI of the CDC, of user_ex_formatter in the CDC message thread.

Workflows

* **post_get_device**
Post formatted-get-device in the CDC, by the ID of the incident/message/channel.

* **post_get_group**
Post formatted-get-group in the CDC, by the ID of the incident/message/channel.

* **post_user_ex**
Post user_ex_formatter in the CDC, by the ID of the incident/message/channel.

* **user_ex_formatter**
Formats the information from Azure Active Directory about a user.

Rules

No rules

Sensors

No sensors

Triggers

No triggers

Known Issues

No known issues