Azure Onboarding

Pre-requisites

Download the requisite policy files(.json) and script(“.py” or “.sh” from the Saner Cloud Onboarding page) into your preferred location.

[Mandatory] Click here to download the Azure Remediation Policy
[Mandatory] Click here to download the Azure Graph API
sp-saner-cnapp-azure-onboarding.py
sp-saner-cnapp-azure-onboarding.sh

Download the “.py” OR “.sh” file

Just make sure to have logged into the application with administrator privileges. You can download the .py and .sh files from the Azure Onboarding page in Saner Cloud Security Deployment.

Access the Control Panel and choose the relevant organization
Click on the CNAPP menu from the sidebar
Choose Cloud Deployment under Cloud Infrastructure Deployment
Choose the Account Name that you want to onboard. The Azure Onboarding page opens.
Click the link “Download Onboarding Script” and click the script you choose to download

Access Cloud Shell

Step 1: Go to the Azure portal: https://portal.azure.com

Step 2: Click the Cloud Shell icon (top-right corner in the portal’s menu bar)

REMEMBER: Switch to Bash, incase you’re in the powershell mode.

Switch to Bash

Step 1: If the Cloud Shell opens in PowerShell mode, switch to Bash by clicking the dropdown arrow next to the shell type

Step 2: Select Bash

IMPORTANT: Make sure you have the appropriate permissions(preferably, global administrator) to execute the bash script.

Fetch the Subscription ID

Step 1: In the Azure portal search bar, type “subscription”

Step 2: Click on Subscriptions from the search results

Copy the Subscription ID to Use in Script Execution

Step 1: You’ll see a list of subscriptions associated with your Azure account

Step 2: Identify the relevant Subscription ID

Note: Copy the Subscription ID and pass it as an input parameter when executing your custom script.

Transfer Policy Files(.json) and Scripts(“.sh” or “.py”) to Azure CLI

Pre-requisite: Make sure you have the appropriate permissions(preferably, global administrator) to execute the bash script.

Use “wget” Command to Download the JSON Policy Files

Its mandatory that you execute both the commands in Azure CLI in-order to download the JSON policy files:

wget https://sp-saner-cnapp-prod-public.s3.us-west-2.amazonaws.com/sp-saner-cnapp-azure-rem-policy.json

wget https://sp-saner-cnapp-prod-public.s3.us-west-2.amazonaws.com/sp-saner-cnapp-azure-graph-api-perm.json

Transfer the Script Files Using “nano” or “vim” Text Editor

Copy the content from any of the following script files, paste into the editor, and hit the enter key.

sp-saner-cnapp-azure-onboarding.py
sp-saner-cnapp-azure-onboarding.sh

Execute the Scripts

After transferring the JSON files and script(.py or .sh) into Azure CLI, provide permission and begin with script execution. You can either execute the “.sh” or “.py” script as per your preference.

The following steps are described using “.sh” as an example.

Step 1[Provide Permission]: Type the following command into the Azure Bash session

chmod +x sp-saner-cnapp-azure-onboarding.sh

Step 2: Execute the Script

./sp-saner-cnapp-azure-onboarding.sh

Step3: Type the next command and key in your subscription id into the portion with quotes and hit the enter key:

./sp-saner-cnapp-azure-onboarding.sh –subscription-id “xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx”

Step4: Observe the script in processing state

Get Onboarding Details After Script Execution Completes

Once the script execution completes, the output provides the information needed for Azure onboarding in Saner Cloud.

Recommendation: Record the values of the output as you need to provide these values as input when you complete the onboarding for your account subscription in Saner Cloud.

The output displays the following details: