Azure Resource Discovery Tool

The Azure Resource Discovery Tool is essential for customers who want to assess which of their Azure resources can be integrated with Red Canary. By using this tool, users can enumerate all the resources within their Azure subscriptions, providing a clear picture of what assets are available for integration. This tool is particularly valuable for planning and optimizing security coverage, ensuring that no critical resources are overlooked in the integration process.

Whether you're preparing for a new integration or managing an existing one, the Azure Resource Discovery Tool helps you understand the full scope of resources that can be protected by Red Canary.

Prerequisites

• You must be subscribed to Red Canary's Cloud Control Planes license

• You must have Azure Global Admin rights

• Tenant ID

• Log Analytics Workspace Resource ID

• The enumerate-resources.ps1 script

PowerShell

Red Canary chose PowerShell to accomplish this task as it is a first-party Microsoft application that receives good and continuous support from the Microsoft (MS) ecosystem. With this in mind, Azure customers will likely have at least one person who is highly skilled in its use. PowerShell is available on homebrew as the PowerShell cask, or from Microsoft’s own tap as PowerShell/tap/PowerShell and, once installed, may be started with the pwsh command. Additionally, Azure Cloud

Shell may be used to run PowerShell directly within the Azure management console

Step 1: Microsoft Azure–Run the script

1. Open Azure.

   

2. From the menu bar select the cloud shell icon.

   

3. If this is the first time opening Azure in this tenant, you must choose which shell to work in and create storage.

Note: You will not be asked to choose again.

4. If you were not asked to select your shell, and Bash is already selected (pictured below) click the dropdown option (Bash) and then select PowerShell.

   

5. Click Confirm.

6. From the menu, click Upload.

   

7. Navigate to the location of the script, which you will have received from a representative, or click the link found at the bottom of this article.

8. Select the script from the previous step.

9. At the prompt, enter dir.

10. The enumerate-resources.ps1 script should appear in the listing:

    

11. If you are running PowerShell from the Azure management console, it will, by default run in the context of your currently selected tenant. If you have access to other tenants, you may find them by running Get-AzTenant. This command will display a table of tenants, where the first column, ID, is the tenant ID.

12. To know which tenant the script will run on by default, you can run Get-AzContext.

    

13. Once you have identified the tenant(s) which the script should be run for, run ./enumerate-resources.ps1 -HomeTenantID {ID}

14. You may be asked to install or upgrade certain PowerShell modules from the PowerShell gallery. These are the Microsoft Azure SDK for PowerShell, and the gallery is the official source. Type A for Yes to All, and then press Enter.

The script will produce a table of resources.

Note: It is normal for the script to take some time when counting container images in a tenant with many container registries.

The following content is displayed:

• The home tenantID that it ran.

• All the subscriptions and the resource units from that home tenantID.

Note: When enumerating resources within a tenant, HomeTenantId is used to select them, not TenantId. If quoting for multiple tenants, you must run this script for each tenant rather than from a lighthouse tenant.