Azure Support

Fugue supports Microsoft Azure as a cloud provider. You may scan infrastructure in your Azure subscription for compliance, detect drift, and enforce (auto-remediate) resources as you would in AWS. You can also enable compliance report emails with a daily or weekly summary of your compliance posture. Currently, Fugue supports the CIS Azure Foundations Benchmark.

Setup

See Setup - Azure for complete instructions on setting up an Azure environment. This involves connecting to Azure, selecting resource groups to scan, and selecting a compliance family.

Service Coverage

To view the list of supported Azure resources, see Service Coverage.

Compliance Report Emails

You can receive a daily or weekly summary of your Azure environment’s compliance results by setting up a compliance report email. As with AWS environments, the report includes an executive summary of compliance status along with a list of noncompliant resources and failed rules. For details and setup instructions, see Compliance Report Email.

Azure and the Fugue API

The Fugue API allows you to interact with Azure environments programmatically. You can accomplish the same things using the API that you can using the Fugue UI:

Example: Creating an Azure Environment via the API

For example, to create an Azure environment, you would use the POST method to send a request to the following path…

https://api.riskmanager.fugue.co/v0/environments

…and your request body might look like this:

{
    "name": "Azure API Example",
    "provider": "azure",
    "provider_options": {
        "azure": {
            "tenant_id": "83ad8c73-5f20-4172-0000-000000000000",
            "subscription_id": "20a3dcf5-ce6c-42fa-0000-000000000000",
            "application_id": "7caf2fea-725f-49cc-0000-000000000000",
            "client_secret": "-b/-6oTtKT*cUQBq0000000000000000",
            "survey_resource_groups": [
                "my-resource-group"
            ]
        }
    },
    "compliance_families": [
        "CISAZURE"
    ],
    "scan_schedule_enabled": true,
    "scan_interval": 86400
}

Note that "provider" is set to "azure", "compliance_families" is set to "CISAZURE", and the "provider_options" fields are all specific to Azure – see the API Reference for further documentation.

Creating an Azure Environment with curl

To create the environment above using curl, you would use the following command:

curl -X POST \
  https://api.riskmanager.fugue.co/v0/environments \
  -u "$CLIENT_ID:$CLIENT_SECRET" \
  -d '{
    "name": "Azure API Example",
    "provider": "azure",
    "provider_options": {
        "azure": {
            "tenant_id": "83ad8c73-5f20-4172-0000-000000000000",
            "subscription_id": "20a3dcf5-ce6c-42fa-0000-000000000000",
            "application_id": "7caf2fea-725f-49cc-0000-000000000000",
            "client_secret": "-b/-6oTtKT*cUQBq0000000000000000",
            "survey_resource_groups": [
                "my-resource-group"
            ]
        }
    },
    "compliance_families": [
        "CISAZURE"
    ],
    "scan_schedule_enabled": true,
    "scan_interval": 86400
}'

When the command succeeds, the API returns a JSON document including the details of the newly created environment.

For more information about using curl, see API Tools. For full Swagger documentation, see the API Reference. Or, for general instructions, see the API User Guide.
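The same request can be built in a script instead of typed inline. The following is an added example, not code from the Fugue documentation: it reads the Azure values from a mapping such as os.environ, checks that the three IDs are GUIDs, and lets the JSON encoder escape the secret. The AZURE_* variable names and the function names are assumptions made for this example; CLIENT_ID and CLIENT_SECRET are the Fugue API credentials from the curl command above, which are separate from the Azure "client_secret" in the body.

```python
import base64
import json
import urllib.request
import uuid

API_URL = "https://api.riskmanager.fugue.co/v0/environments"  # path shown on this page

def _guid(field, value):
    """Azure tenant, subscription and application IDs are GUIDs; fail early otherwise."""
    try:
        return str(uuid.UUID(value))
    except (ValueError, AttributeError, TypeError):
        raise ValueError(f"{field} is not a valid GUID") from None

def build_body(name, env, resource_groups, scan_interval=86400):
    """Build the request body from a mapping such as os.environ (variable names assumed)."""
    if not resource_groups:
        raise ValueError("at least one resource group is required")
    if not env.get("AZURE_CLIENT_SECRET"):
        raise ValueError("AZURE_CLIENT_SECRET is not set")
    azure = {
        "tenant_id": _guid("tenant_id", env.get("AZURE_TENANT_ID")),
        "subscription_id": _guid("subscription_id", env.get("AZURE_SUBSCRIPTION_ID")),
        "application_id": _guid("application_id", env.get("AZURE_APPLICATION_ID")),
        "client_secret": env["AZURE_CLIENT_SECRET"],
        "survey_resource_groups": list(resource_groups),
    }
    return {
        "name": name,
        "provider": "azure",
        "provider_options": {"azure": azure},
        "compliance_families": ["CISAZURE"],
        "scan_schedule_enabled": True,
        "scan_interval": int(scan_interval),
    }

def redacted(body):
    """Deep copy of the body with the Azure client secret masked, safe to log."""
    copy = json.loads(json.dumps(body))
    copy["provider_options"]["azure"]["client_secret"] = "***"
    return copy

def create_environment(body, client_id, client_secret):
    """POST with HTTP basic auth (what curl -u sends); JSON Content-Type is an assumption."""
    token = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Content-Type": "application/json"}
    data = json.dumps(body).encode()  # escapes quotes and backslashes in the secret
    req = urllib.request.Request(API_URL, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.status, json.load(resp)
```

Log redacted(body) rather than the body itself, so the Azure client secret does not end up in script output or CI logs.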

Creating an Azure Environment with Postman

To create the environment above using Postman, select the POST - Creates a new environment request from the Fugue API Postman collection, then select the “Body” tab and paste your request body into the text box:

Here’s the request body we used for the example curl command:

{
    "name": "Azure API Example",
    "provider": "azure",
    "provider_options": {
        "azure": {
            "tenant_id": "83ad8c73-5f20-4172-0000-000000000000",
            "subscription_id": "20a3dcf5-ce6c-42fa-0000-000000000000",
            "application_id": "7caf2fea-725f-49cc-0000-000000000000",
            "client_secret": "-b/-6oTtKT*cUQBq0000000000000000",
            "survey_resource_groups": [
                "my-resource-group"
            ]
        }
    },
    "compliance_families": [
        "CISAZURE"
    ],
    "scan_schedule_enabled": true,
    "scan_interval": 86400
}

When you’re ready, hit the “Send” button, and when the request succeeds you’ll see a 201 Created status and a JSON document including the details of the newly created environment.

For more information about using Postman, see API Tools. For full Swagger documentation, see the API Reference. Or, for general instructions, see the API User Guide.

Updating Resource Groups in an Environment

After you have created an Azure environment, you can remove resource groups by editing the environment settings, as long as at least one resource group remains selected. However, to add resource groups after the environment has been created, you must use the Fugue API. Follow the instructions in Setup - Azure to update the resource groups in an environment.