# Azure

## Overview

Visualize and analyze Azure resources, including virtual machines, storage accounts, networks, and databases. Monitor resource visibility, governance, and security posture. Enforce security policies, manage configurations, track resource usage, and ensure compliance with organizational standards. Detect vulnerabilities and optimize performance to improve the security and efficiency of Azure services.

The Azure blueprint configurator sets up and integrates the required Azure resources using Terraform scripts. It keeps data and event crawling running reliably, so organizations can maintain compliance, strengthen security, and operate consistently across their Azure environments.
## Configurations

| Setting | Description |
|---|---|
| Blueprint Account Name | A human-readable name for your account that will be used to identify this account across the application. |
| Azure Client ID | Azure Client ID with the necessary permissions. |
| Azure Client Secret | Azure Client Secret with the necessary permissions. |
| Azure Tenant ID | Azure Tenant ID with the necessary permissions. |
| Azure Subscription ID | Azure Subscription ID with the necessary permissions. |
| Storage Account Name | Name of the Azure Storage Account to be used. |
| Storage Queue Name | Name of the Azure Storage Queue to be used. |
| Storage Account Key | Key of the Azure Storage Account to be used. |
| Data Crawl Frequency | The frequency at which Kaleidoscope will crawl the account for resources. |
| Event Crawl Frequency | The frequency at which Kaleidoscope will crawl the account for events. |
| Resource Selection | Selectively include or exclude certain resources. |
## Permissions

### Container Registry

- `Microsoft.ContainerRegistry/registries/pull/read`
- `Microsoft.ContainerRegistry/registries/listCredentials/action`
- `Microsoft.ContainerRegistry/registries/repositories/tags/list/read`
- `Microsoft.ContainerRegistry/registries/repositories/read`
- `Microsoft.ContainerRegistry/registries/repositories/list/read`

### Blob Storage

- `Microsoft.Storage/storageAccounts/blobServices/containers/read`
- `Microsoft.Storage/storageAccounts/read`
- `Microsoft.Storage/storageAccounts/listKeys/action`
- `Microsoft.ClassicStorage/storageAccounts/listKeys/action`

### Container SBOM

- `Microsoft.ContainerRegistry/registries/pull/read`
- `Microsoft.ContainerRegistry/registries/regenerateCredential/action`
- `Microsoft.ContainerRegistry/registries/credentialSets/read`
- `Microsoft.ContainerRegistry/registries/listCredentials/action`
- `Microsoft.ContainerRegistry/registries/generateCredentials/action`
- `Microsoft.ContainerRegistry/registries/repositories/tags/list/read`
- `Microsoft.ContainerRegistry/registries/repositories/read`
- `Microsoft.ContainerRegistry/registries/repositories/list/read`

### Management Group

- `Microsoft.Management/managementGroups/read`

### Postgres Servers

- `Microsoft.DBforPostgreSQL/servers/read`
- `Microsoft.DBforPostgreSQL/servers/configurations/read`
- `Microsoft.DBforPostgreSQL/servers/firewallRules/read`
- `Microsoft.DBforPostgreSQL/servers/databases/read`
- `Microsoft.DBforPostgreSQL/servers/logFiles/read`

### Subscriptions

- `Microsoft.Resources/subscriptions/resourceGroups/read`

### Billing

- `Microsoft.CostManagement/Query/usage/read`
- `Microsoft.Consumption/usageDetails/read`

### Authorization

- any

### Active Directory

- `microsoft.directory/groups/allProperties/read`
- `microsoft.directory/groups/standard/read`
- `microsoft.directory/groups/members/read`
- `microsoft.directory/groups/memberOf/read`
- `microsoft.directory/groups/owners/read`
- `microsoft.directory/users/standard/read`
- `microsoft.directory/users/identities/read`
- `microsoft.directory/users/manager/read`
- `microsoft.directory/users/directReports/read`
- `microsoft.directory/users/ownedDevices/read`
- `microsoft.directory/users/registeredDevices/read`
- `microsoft.directory/users/deviceForResourceAccount/read`
- `microsoft.directory/users/licenseDetails/read`
- `microsoft.directory/users/appRoleAssignments/read`

For further documentation on Azure permissions, refer to the Azure Role-Based Access Control (RBAC) documentation.
## SBOM Generation

The Azure blueprint includes SBOM (Software Bill of Materials) generation for container images stored in Azure Container Registry (ACR). This provides vulnerability scanning and dependency analysis for containerized applications.

For the languages and package managers supported by SBOM generation, see the SBOM page.
## Schema Model

| Name | Schema type | Kind | Description |
|---|---|---|---|
| Storage Account | `storage` | Storage | An Azure storage account. |
| Azure Subscription Account | `azure.subscription.Account` | Account | An Azure subscription account. |
| Storage Container | `azure.subscription.Container` | Storage | A container within an Azure storage account. |
| Storage Blob | `storage.Blob` | Blob | A blob stored within an Azure storage account. |
| Subscription | `subscription` | Subscription | An Azure subscription. |
| Subscription Details | `subscription.Subscription` | Subscription | Detailed Azure subscription information. |
| Management Group | `managementgroup` | ManagementGroup | A management group in Azure. |
| Azure Management Group | `azure.managementgroup.ManagementGroup` | ManagementGroup | An Azure-specific management group. |
| Resource Group | `resourcegroup` | ResourceGroup | A resource group in Azure. |
| Azure Resource Group | `azure.subscription.ResourceGroup` | ResourceGroup | A resource group in an Azure subscription. |
| User | `user.User` | User | A user in Azure Active Directory. |
| Virtual Network | `virtualnetwork` | VirtualNetwork | A virtual network in Azure. |
| Azure Virtual Network | `azure.subscription.VirtualNetwork` | VirtualNetwork | A virtual network within an Azure subscription. |
| Network Interface | `azure.subscription.Interface` | Interface | A network interface in Azure. |
| Subnet | `azure.subscription.Subnet` | Subnet | A subnet within an Azure virtual network. |
| IP Configuration | `azure.subscription.IPConfiguration` | IPConfiguration | IP configuration for Azure resources. |
| Security Group | `azure.subscription.SecurityGroup` | SecurityGroup | A network security group in Azure. |
| Security Rule | `azure.subscription.SecurityRule` | SecurityRule | A security rule within a network security group. |
| Route Table | `azure.subscription.RouteTable` | RouteTable | A route table in Azure. |
| Function | `functions.Function` | Function | An Azure function. |
| Postgres Server | `postgresserver.PostgresServer` | DatabaseServer | A PostgreSQL server in Azure. |
| OS Disk | `azure.subscription.OSDisk` | Disk | An OS disk for Azure virtual machines. |
| Virtual Machine Scale Set VM Profile | `azure.subscription.VirtualMachineScaleSetVMProfile` | VMProfile | A profile for virtual machine scale sets. |
| Availability Set | `azure.subscription.AvailabilitySet` | AvailabilitySet | An availability set for Azure VMs. |
| Network Profile | `azure.subscription.NetworkProfile` | NetworkProfile | A network profile in Azure. |
| Storage Profile | `azure.subscription.StorageProfile` | StorageProfile | A storage profile in Azure. |
| Virtual Machine | `azure.subscription.VirtualMachine` | VirtualMachine | A virtual machine in Azure. |
| SKU | `azure.subscription.SKU` | SKU | A specific SKU for Azure resources. |
| Linux Configuration | `azure.subscription.LinuxConfiguration` | Configuration | Linux-specific configurations for VMs. |
| Azure Active Directory Group | `azure.activedirectory.Group` | Group | A group in Azure Active Directory. |
| Azure Authorization Role Assignment | `azure.authorization.RoleAssignment` | RoleAssignment | A role assignment in Azure. |
| Billing Account | `azure.billing.BillingAccount` | BillingAccount | An Azure billing account. |
| Container Registry | `azure.containerregistry.Registry` | ContainerRegistry | An Azure container registry. |
| Container | `azure.containerapps.Container` | Container | A container in Azure Container Apps. |
| Container App | `azure.containerapps.ContainerApp` | ContainerApp | A container application in Azure. |
| Container Registry Network Rule Set | `azure.containerregistry.NetworkRuleSet` | NetworkRuleSet | A set of network rules for Azure Container Registry. |
| Container Registry IP Rule | `azure.containerregistry.IPRule` | IPRule | An IP rule for Azure Container Registry. |
| Container Registry Policies | `azure.containerregistry.Policies` | Policies | Policies for Azure Container Registry. |
| Container Registry Export Policy | `azure.containerregistry.ExportPolicy` | ExportPolicy | Export policy for Azure Container Registry. |
| Container Registry Retention Policy | `azure.containerregistry.RetentionPolicy` | RetentionPolicy | Retention policy for Azure Container Registry. |
| Container Registry Soft Delete Policy | `azure.containerregistry.SoftDeletePolicy` | SoftDeletePolicy | Soft delete policy for Azure Container Registry. |
| Container Registry Trust Policy | `azure.containerregistry.TrustPolicy` | TrustPolicy | Trust policy for Azure Container Registry. |
| Container Registry System Data | `azure.containerregistry.SystemData` | SystemData | System data for Azure Container Registry. |
| Container Apps System Data | `azure.containerapps.SystemData` | SystemData | System data for Azure Container Apps. |
| PostgreSQL Resource Identity | `postgresserver.ResourceIdentity` | ResourceIdentity | Resource identity for PostgreSQL servers. |
| PostgreSQL Server Private Endpoint Connection | `postgresserver.ServerPrivateEndpointConnection` | EndpointConnection | Private endpoint connection for PostgreSQL servers. |
| PostgreSQL Storage Profile | `postgresserver.StorageProfile` | StorageProfile | Storage profile for PostgreSQL servers. |
| Application Gateway Backend Address Pool | `azure.subscription.ApplicationGatewayBackendAddressPool` | BackendAddressPool | Backend address pool for an application gateway. |
| Application Gateway Backend Address | `azure.subscription.ApplicationGatewayBackendAddress` | BackendAddress | Backend address for an application gateway. |
| Application Gateway IP Configuration | `azure.subscription.ApplicationGatewayIPConfiguration` | IPConfiguration | IP configuration for an application gateway. |
| Application Security Group | `azure.subscription.ApplicationSecurityGroup` | SecurityGroup | Security group for applications. |
| Backend Address Pool | `azure.subscription.BackendAddressPool` | BackendAddressPool | Backend address pool in Azure subscriptions. |
| Gateway Load Balancer Tunnel Interface | `azure.subscription.GatewayLoadBalancerTunnelInterface` | TunnelInterface | Tunnel interface for gateway load balancers. |
| Frontend IP Configuration | `azure.subscription.FrontendIPConfiguration` | IPConfiguration | Frontend IP configuration in Azure subscriptions. |
| Inbound NAT Rule | `azure.subscription.InboundNatRule` | NatRule | Inbound NAT rule in Azure subscriptions. |
| Interface IP Configuration | `azure.subscription.InterfaceIPConfiguration` | IPConfiguration | Interface IP configuration in Azure subscriptions. |
| Interface IP Configuration Private Link Connection Props | `azure.subscription.InterfaceIPConfigurationPrivateLinkConnectionProperties` | PrivateLinkProps | Private link connection properties for interface IP configurations. |
| Interface Tap Configuration | `azure.subscription.InterfaceTapConfiguration` | TapConfiguration | Tap configuration for interfaces in Azure subscriptions. |
| IP Configuration Profile | `azure.subscription.IPConfigurationProfile` | IPProfile | IP configuration profile in Azure subscriptions. |
| Load Balancer Backend Address | `azure.subscription.LoadBalancerBackendAddress` | BackendAddress | Backend address for Azure load balancers. |
| NAT Rule Port Mapping | `azure.subscription.NatRulePortMapping` | PortMapping | Port mapping for NAT rules in Azure subscriptions. |
| NAT Gateway | `azure.subscription.NatGateway` | Gateway | NAT gateway in Azure subscriptions. |
| Private Endpoint IP Configuration | `azure.subscription.PrivateEndpointIPConfiguration` | EndpointConfiguration | Private endpoint IP configuration in Azure subscriptions. |
| Private Endpoint | `azure.subscription.PrivateEndpoint` | PrivateEndpoint | Private endpoint in Azure subscriptions. |
| Custom DNS Config Properties | `azure.subscription.CustomDNSConfigPropertiesFormat` | DNSProperties | Custom DNS configuration properties. |
| Private Link Service Connection | `azure.subscription.PrivateLinkServiceConnection` | LinkConnection | Connection for Azure private link services. |
| Private Link Service Connection State | `azure.subscription.PrivateLinkServiceConnectionState` | ConnectionState | State of a private link service connection. |
| Private Link Service | `azure.subscription.PrivateLinkService` | PrivateLinkService | Private link service in Azure subscriptions. |
| Public IP Address | `azure.subscription.PublicIPAddress` | PublicIPAddress | Public IP address in Azure subscriptions. |
| Public IP Address SKU | `azure.subscription.PublicIPAddressSKU` | PublicIPAddressSKU | SKU details for public IP addresses in Azure. |
| Public IP Address DNS Settings | `azure.subscription.PublicIPAddressDNSSettings` | DNSSettings | DNS settings for public IP addresses in Azure. |
| DDoS Settings | `azure.subscription.DdosSettings` | DdosSettings | DDoS settings for Azure resources. |
| IP Tag | `azure.subscription.IPTag` | IPTag | IP tag for Azure subscriptions. |
| Resource Navigation Link | `azure.subscription.ResourceNavigationLink` | NavigationLink | Navigation link for Azure resources. |
| Route | `azure.subscription.Route` | Route | Route configuration for Azure subscriptions. |
| Service Association Link | `azure.subscription.ServiceAssociationLink` | AssociationLink | Association link for Azure services. |
| Service Endpoint Policy Definition | `azure.subscription.ServiceEndpointPolicyDefinition` | EndpointPolicyDefinition | Policy definition for Azure service endpoints. |
| Service Endpoint Policy | `azure.subscription.ServiceEndpointPolicy` | EndpointPolicy | Endpoint policy for Azure services. |
| Service Endpoint Properties Format | `azure.subscription.ServiceEndpointPropertiesFormat` | EndpointProperties | Properties for Azure service endpoints. |
| Virtual Network Peering | `azure.subscription.VirtualNetworkPeering` | NetworkPeering | Virtual network peering in Azure. |
| Virtual Network Tap | `azure.subscription.VirtualNetworkTap` | VirtualTap | Virtual tap for Azure virtual networks. |
## Events

| Event | Description |
|---|---|
| `MICROSOFT.STORAGE/STORAGEACCOUNTS/LISTACCOUNTSAS/ACTION` | Retrieves a shared access signature (SAS) token for accessing resources in an Azure Storage account. |
| Sign-in Activity | Logs and retrieves information about user sign-ins for monitoring and auditing purposes. |
| `MICROSOFT.CONTAINERREGISTRY/REGISTRIES/LISTCREDENTIALS/ACTION` | Retrieves credentials for accessing an Azure Container Registry. |
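Several of the actions listed under Permissions (`listKeys`, `listCredentials`, `regenerateCredential`, `generateCredentials`) return or rotate long-lived secrets rather than merely read metadata, and the events above track the use of two such operations. The following Python script is an added example, not Kaleidoscope's own code. Using the action strings from this page, it classifies the requested grants so a reviewer can see which ones expose secrets, emits a custom role definition in the JSON shape accepted by `az role definition create --role-definition` (so the blueprint's service principal receives exactly these actions at one scope instead of a broad built-in role such as Contributor), and scans Activity Log records for successful secret-returning or secret-rotating operations, separating the blueprint's own identity from any other caller. The classification itself, the service principal object id, the resource ids and the log records are constructed assumptions.

```python
"""Review the Azure actions the blueprint asks for, build a least-privilege
custom role from them, and flag their use in Activity Log records.  Added
example, not Kaleidoscope code; classifications and records are assumptions."""
import json

# Two of the permission groups listed on this page, verbatim.
REQUIRED_ACTIONS = {
    "Blob Storage": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
    ],
    "Container SBOM": [
        "Microsoft.ContainerRegistry/registries/pull/read",
        "Microsoft.ContainerRegistry/registries/regenerateCredential/action",
        "Microsoft.ContainerRegistry/registries/credentialSets/read",
        "Microsoft.ContainerRegistry/registries/listCredentials/action",
        "Microsoft.ContainerRegistry/registries/generateCredentials/action",
        "Microsoft.ContainerRegistry/registries/repositories/tags/list/read",
        "Microsoft.ContainerRegistry/registries/repositories/read",
        "Microsoft.ContainerRegistry/registries/repositories/list/read",
    ],
}

# Suffixes of operations that hand back or rotate long-lived secrets (the
# grouping is this example's own).  Compared case-insensitively because the
# Activity Log writes operation names in upper case.
RETURNS_SECRET = ("/listkeys/action", "/listcredentials/action", "/listaccountsas/action")
ROTATES_SECRET = ("/regeneratecredential/action", "/generatecredentials/action")


def classify_action(action: str) -> str:
    """Bucket an RBAC action string by its effect."""
    a = action.lower()
    if a.endswith(RETURNS_SECRET):
        return "returns-secret"
    if a.endswith(ROTATES_SECRET):
        return "rotates-secret"
    return "read-only" if a.endswith("/read") else "other"


def review_permissions(groups: dict) -> dict:
    """Map each requested action that is not a plain read to its class."""
    return {a: classify_action(a) for acts in groups.values() for a in acts
            if classify_action(a) != "read-only"}


def build_role_definition(name: str, scope: str, groups: dict) -> str:
    """JSON in the shape `az role definition create --role-definition` accepts:
    exactly the listed actions, one assignable scope, no wildcards."""
    role = {"Name": name, "IsCustom": True,
            "Description": "Kaleidoscope crawler (least privilege)",
            "Actions": sorted({a for acts in groups.values() for a in acts}),
            "NotActions": [], "AssignableScopes": [scope]}
    return json.dumps(role, indent=2)


def flag_secret_operations(records: list, expected_callers: set) -> list:
    """Return (timestamp, caller, OPERATION, class, expected|unexpected) for each
    successful secret-returning or secret-rotating operation.  Field names
    follow the Activity Log schema (operationName.value, caller, status.value)."""
    hits = []
    for rec in records:
        op = rec["operationName"]["value"]
        kind = classify_action(op)
        if kind in ("read-only", "other") or rec["status"]["value"] != "Succeeded":
            continue
        who = "expected" if rec["caller"] in expected_callers else "unexpected"
        hits.append((rec["eventTimestamp"], rec["caller"], op.upper(), kind, who))
    return hits


# Constructed sample records; the object id and resource ids are placeholders.
BLUEPRINT_SP = "00000000-0000-0000-0000-000000000001"
SAMPLE_RECORDS = [
    {"eventTimestamp": "2024-01-01T00:00:00Z", "caller": BLUEPRINT_SP,
     "operationName": {"value": "MICROSOFT.STORAGE/STORAGEACCOUNTS/LISTKEYS/ACTION"},
     "status": {"value": "Succeeded"}, "resourceId": "/subscriptions/SUB-ID/resourceGroups/RG/providers/Microsoft.Storage/storageAccounts/ACCT"},
    {"eventTimestamp": "2024-01-01T00:05:00Z", "caller": "someone@example.com",
     "operationName": {"value": "MICROSOFT.CONTAINERREGISTRY/REGISTRIES/REGENERATECREDENTIAL/ACTION"},
     "status": {"value": "Succeeded"}, "resourceId": "/subscriptions/SUB-ID/resourceGroups/RG/providers/Microsoft.ContainerRegistry/registries/REG"},
    {"eventTimestamp": "2024-01-01T00:06:00Z", "caller": "someone@example.com",
     "operationName": {"value": "MICROSOFT.STORAGE/STORAGEACCOUNTS/READ"},
     "status": {"value": "Succeeded"}, "resourceId": "/subscriptions/SUB-ID/resourceGroups/RG/providers/Microsoft.Storage/storageAccounts/ACCT"},
]

if __name__ == "__main__":
    for action, kind in review_permissions(REQUIRED_ACTIONS).items():
        print(f"{kind:15} {action}")
    print(build_role_definition("kaleidoscope-azure-crawler", "/subscriptions/SUB-ID", REQUIRED_ACTIONS))
    for hit in flag_secret_operations(SAMPLE_RECORDS, {BLUEPRINT_SP}):
        print(*hit)
```

Run as a script, the review step lists five non-read actions (two `listKeys`, `listCredentials`, `regenerateCredential`, `generateCredentials`), the role JSON contains only those twelve explicit actions, and the log scan reports the blueprint identity's `listKeys` call as expected and the human user's `regenerateCredential` call as unexpected while ignoring the plain read. Baselining the crawler's own object id this way is what keeps its routine secret-returning calls from drowning out the ones that warrant a look.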