Import assets from Azure DNS.
The easiest way to get started with importing Azure DNS assets is to use Azure's Cloud Shell to obtain settings and create a Role Assignment for Halo Security. After setup is complete, we can visit the Halo Security platform to finish the connector integration.
In Cloud Shell, type the following command to retrieve the Subscription ID:
az account show --query id --output tsv
Type the following command to view Resource Groups for DNS Zones. Resource Groups will be used to limit the permissions and access for Halo Security's Role Assignment:
az network dns zone list --query .resourceGroup --output tsv
Creating a Role Assignment allows Halo Security to access DNS zones and records with read-only permissions. Create an assignment by typing the following command, replacing SUBSCRIPTION_ID and RESOURCE_GROUP with the appropriate values retrieved above:
az ad sp create-for-rbac -n "HaloSecurity" --role Reader --scopes /subscriptions/SUBSCRIPTION_ID/resourceGroups/RESOURCE_GROUP
Take note of the output of this command, which will be used when connecting Azure to the Halo Security platform. It should look something similar to the following:
Click the "+" icon in the top right to add a new connector. Choose a name and select "Azure" for the type. After creating the connector, finish setting it up by providing the following values that were obtained during the Azure Setup process:
- Client ID:
appIdvalue created in Step 3
- Client Secret:
passwordvalue created in Step 3
tenantvalue created in Step 3
- Subscription Id: Subscription ID value retrieved in Step 1
Finally, click "Save Changes" and your connector will be ready for use. If you did not enable Auto Run, you can run the connector at any time by clicking the start icon.