We know that keeping the targets you want to monitor for security weaknesses up to date can be a bit of a pain...
New instances are constantly being spun up in Microsoft Azure, others are being closed down, keeping track of it all can easily become a full time job!
That's why we've created an Azure integration - add your virtual machines' public IP addresses and hostnames from DNS zones as Intruder targets directly from our portal! 🎉
Please note that Internal only Virtual Machines and Azure app service endpoints (including web-apps) won't be picked up automatically. For VMs, you’ll need to install our agent.
How to connect Azure to your Intruder account
1. In Azure, create an application for Intruder
Login to the Azure management portal
Search for 'App registrations' using the search functionality and click to get to the 'App registrations' menu.
Click on the 'New registration' button.
Enter a name (we recommend 'Intruder' or something similar) then click 'Register'.
2. Get the Application ID, Application secret key, Directory ID and Subscription ID from Azure
We require four access keys to connect your Azure account to Intruder:
'Application (client) ID' of the Azure application you just created
'Directory (tenant) ID' from Azure Active Directory (also shown on the App Overview page)
'Application secret key' of the Azure application you just created
'Subscription ID' of your Azure subscription.
You need to get them from various sections of the Azure portal, so it's probably best to open a text document that you can copy them into. It should all be straight-forward if you follow the steps below, so hang in there!
Application (client) ID
Click on the 'Intruder' application that we just created
Click 'Overview' and take a note of the 'Application (client) ID'.
(You'll need this for the 'Application ID' field in the Intruder portal.)
Directory (tenant) ID
You can also get the 'Directory (tenant) ID' from this screen so let's note that one down too. (You'll need this for the 'Directory ID' field in the Intruder portal.)
Application secret key (in Azure you're looking for the secret 'VALUE')
Now scroll down and click on 'Certificates & secrets' in the left navigation panel
Click on the 'New client secret' button:
Enter a description (e.g. 'Intruder')
Set an expiry date (i.e. how long you want the secret to be valid for).
(⚠️ Please note that Intruder will no longer be able to access your Azure account when the secret expires.)
Now click 'Add' and note down the secret 'VALUE'. (Not the Secret ID).
(You'll need this for the 'Application secret key' field in the Intruder portal.)
Important: Please note that you won't be able to see that 'Application secret key' again after you've left this screen, so make sure you copy and paste it now!
Almost there... 😅
Search for 'Subscriptions' using the search functionality and click to see the 'Subscriptions' menu.
Select your subscription from the list of Azure Subscriptions displayed. The following screenshots use the 'Intruder' subscription but yours will likely be specific to your organisation
Take note of your Azure 'Subscription ID':
(You'll need this for the 'Subscription ID' field in the Intruder portal)
3. Create a role
Within your subscription detail page, select 'Access control (IAM)' from the left menu
Then click 'Add role assignment'.
A new window will appear.
Type 'Reader' into the search box
Click on the 'Reader' item in the dropdown. (We require read-only access in order to fetch your public IP addresses and DNS hostnames.)
Click 'Select members', and in the pop up window, search for the application we created earlier (e.g. 'Intruder', or whatever you chose to name it).
Choose that application from the list, and click 'Select'
4. Enter the Application ID, Application secret key, Directory ID and Subscription ID into the Intruder portal
Log into the Intruder portal
Head to the Targets page
Click 'Add Targets'
Select 'Cloud Account Sync'.
Select 'Microsoft Azure'
Enter the Application ID, Application secret key, Directory ID and Subscription ID and click 'Add account'
Now give yourself a pat on the back because you're done! 💪
Renaming your Cloud ID
Just head to your Targets page, hit Settings and then click 'Edit'.
Automating Scans (CloudBot)
Keeping track of new instances when they are added to the portal and ensuring you scan them can be time-consuming. To simplify this, we have the 'Auto-add targets' functionality which adds/removes cloud targets in the Intruder portal to reflect the instances in your Microsoft Azure Account, and also the 'Auto-scan targets' option, shown in red below.
This allows you to automatically kick off a scan on any new cloud instances that are added to your account, as soon as they are discovered which avoids the need for manual intervention to kick off a scan.
Intruder scans comply with Microsoft's Penetration Testing Rules of Engagement.
Note: Azure integration is only available for customers on our Pro, Premium and Vanguard plans.