Azure integration
  • 10 Jan 2024
  • 3 Minutes to read
  • PDF

Azure integration

  • PDF

Article summary

Azure Web Application Firewall (WAF) is a cloud-based service provided by Microsoft Azure that helps protect web applications from common web-based threats and attacks. It acts as a reverse proxy and inspects incoming web traffic to your web applications, filtering out malicious requests and traffic before they reach your application servers. Traceable integrates with Azure’s WAF to block IP addresses and threat actors.

Traceable's integration with Azure WAF supports the following two types of rules:

  • IP range rules

  • Threat actor

The following is a high-level integration diagram:

Make a note of the following points regarding threat actor and IP range blocking:

  • Threat actor - Any status change of threat actor on the Traceable Platform is propagated to Azure WAF. For example, if Traceable detects a threat actor and changes it to a deny state, then the requests from this threat actor can be blocked using Azure. Moreover, if you make any changes, for example, adding a threat actor to allowlist or resolving the status, then such changes are reflected in Azure in a few minutes.

  • IP-range blocking - If you configure any custom rules to enforce blocking or allow action to be executed through Azure.

Important

Traceable’s Azure integration does not block IP address with x-forwaded-for and x-real-ip headers.

Traceable recommends going through allow list conditions before creating any IP-range rules. For more information, see IP address allowlist.


Before you begin

Make a note of the following before proceeding with the integration steps:

  • Make sure you have the following before you start the integration process:

    • Tenant ID

    • Client ID

    • Client Secret

    • Subscription ID

  • Reasonable knowledge of Azure WAF and policies in Azure.

  • The policies set by Traceable begin with the prefix. Traceable.


Configuration

To integrate Traceable with Cloudflare, navigate to the Integrations page. Complete the following steps:

  1. Click on WAF. The Environments drop-down list shows the integrations for the chosen environment in addition to the integrations applicable to all the environments.

  2. Click on Configure on the Azure card.

Fill in the following fields and click on Save. You can add one or more than one integration. The same policies are pushed to all the integrations.

  1. Integration Name - Provide an easily identifiable name for Traceable-Azure integration.

  2. Description - Provide a description that defines the purpose or use case for this integration.

  3. Environments - Choose the environment from the drop-down list. These environments could be, for example, production, sandbox, QA, and so on. You can choose one or more than one environment or all the environments.

  4. Azure Tenant ID - In Microsoft Azure, a Tenant ID, also known as a Directory ID or a Directory Tenant ID, is a unique identifier for an Azure Active Directory (Azure AD) tenant. Azure AD is Microsoft's identity and access management service, which manages and secures access to Azure resources.

  5. Azure Subscription ID - An Azure Subscription ID is a unique identifier associated with a specific Azure subscription. You can find your Azure Subscription ID in the Azure portal, typically in the “Subscriptions” section.

  6. Azure environment - Choose from one of the three Azure environments: Azure, China, or the US government.

  7. Client ID - A Client ID, or an Application ID, is a unique identifier associated with an application or service registered in Azure AD. This Client ID uniquely identifies and authenticates the application when it interacts with Azure AD for various purposes.

  8. Client Secret - The Client Secret that you created when registering the application.

Azure policy details

Provide the following policy details for Azure. When you provide the policy name, make sure that you already have a corresponding policy in Azure with the same name. Traceable uses this policy and adds custom rules to it.

  1. Azure WAF policy type - Choose from one of the WAF options: Global WAF (Front Door) or Regional WAF (Application Gateway). Choose the policy based on the type of policy you have chosen in Azure.

  2. Policy name - The policy name is the name of the existing policies associated with the respective Global WAF or Regional WAF.

  3. Resource Group - Provide the name of the resource group.

Click on Test Connection to test the connection with Azure. You can save the integration details only when the test connection is successful.

To verify the integration, check the rules in your security policy in Azure.


Was this article helpful?

ESC

Eddy, a generative AI, facilitating knowledge discovery through conversational intelligence