Azure Network Security Groups Out-of-the-box Response Integration


This article describes the procedure required to integrate Microsoft Azure NSG with Lumu for automated response. This is one of our featured Out-of-the-Box Response Integrations.

Requirements

  1. An Azure administrator account with an active subscription and at least one available network security group
  2. An active Lumu Defender subscription or a Lumu for MSP account

Preliminary Setup - Microsoft Azure

To set up the integration, you need to prepare Microsoft Azure to communicate with the Lumu integration. This requires the following:
  1. An available Azure Network Security Group
Next, we will guide you through the process of creating one.

Create a Network Security Group

1. Open your web browser and access the Azure Portal with an active subscription account. Under the Azure Services header, open the Network Security Groups section.
Notes
If you do not have a work account, you can read Microsoft’s documentation to learn more.

2. Once in the Network Security Group section, click on the Create button at the top of the page.


3. In the window that opens, under the Basics tab, follow these steps:
  1. In Subscription(1), select the Azure Subscription that will receive the integration.
  2. In Resource Group(2), choose an existing group, or create a new one.
  3. In Name(3), enter a unique name for your Network Security Group.
  4. In Region(4), select the region in which you want to deploy your Network Security Group.
  5. Once these fields are filled, click on the Next: Tags button at the bottom of the screen.


4. Optionally, you can add Tags to organize and categorize your Network Security Group. Whether you skip this step or add tags, click on the Next: Review + create button at the bottom of the screen.
Notes
For more information on the use of tags, refer to the Microsoft documentation on the topic.

5. Azure will validate the information registered. Once this process is finished, and the information is valid, a window with the Validation Passed prompt will appear. If successful, click on the blue Create button at the bottom of the screen.


6. Wait for the deployment to complete and verify the Network Security Group has been correctly created by returning to the Network Security Group section from Step 1 of the Create a Network Security Group section.



Integration Setup - Lumu Portal

This section of the article describes the steps that must be completed on the Lumu Portal to properly set up the Microsoft Azure NSG Integration. To start, log into your Lumu account through the Lumu Portal.
Notes
Integrations are also available for Lumu MSP accounts. To access them, log into the Lumu MSP Portal.
1. In the Lumu Portal, head to the panel on the left and open the Integrations drop-down menu. Then, click on Apps. Click on the Response tab on the right to filter the available integrations accordingly.


2. Locate the Azure Network Security Groups integration.



3. Familiarize yourself with the integration details and click the Activate button to start the integration setup process. 


4. Carefully read the instructions provided. Once ready, click on Activate to be redirected to Microsoft to complete the integration activation.


5. The Microsoft sign-in page will appear.

Alert
Make sure to log in with an administrator account, as only an administrator can grant full access across the entire organization.
6. After successfully authenticating your account, you'll encounter a window listing the permissions that you are about to grant. Check the box labeled Consent on behalf of your organization to proceed. Then, click Accept.



Alert
If the box labeled Consent on behalf of your organization isn’t checked, you will not be able to proceed with the integration setup.
7. Next, you will see a window in which you need to select the subscription for the integration. Keep in mind that you need an active subscription that supports Network Security Group services. After selecting the subscription, click on Next.


8. In the following window, enter a meaningful Name. Under Threat Types, select the particular threat mappings you wish to push to Microsoft Azure NSG. Then, choose the Network Security Group you plan to push the indicators to. Once everything is complete, click on Activate.
Notes
If you created a new Network Security Group using the instructions in the previous section, select here the Network Security Group name from Step 3c of the Create a Network Security Group section.
Alert
You need at least one Network Security Group associated with your authenticated account for the setup process to continue.

9. Wait for Lumu to set up the integration mechanism.

10. Once it’s finished, you can click Close.

11. The integration is now created and active. Now, the Lumu Portal will display the details of the created integration.

Final Steps - Validate the Integration in Microsoft Azure

1. Once the integration is activated, the Outbound security rules section of the Network Security Group selected will be updated with confirmed compromises found by Lumu within the preceding 3 days.
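The validation above can be extended with a rule-order check. This is an added example, not Lumu's or Microsoft's code. It reads NSG JSON shaped like the output of `az network nsg show` and reports outbound Allow rules that are evaluated before a Deny rule for the same destination, since NSG rules are processed in priority order (lowest number first). It assumes the pushed entries are outbound Deny rules; the sample NSG, rule names and addresses are constructed.

```python
import ipaddress
import json

# Constructed sample shaped like `az network nsg show -g <rg> -n <nsg>` output.
# Rule names and addresses are hypothetical, not values produced by Lumu.
SAMPLE_NSG = json.loads("""
{"name": "example-nsg", "securityRules": [
 {"name": "allow-partner-range", "priority": 200, "direction": "Outbound",
  "access": "Allow", "destinationAddressPrefix": "203.0.113.0/24",
  "destinationAddressPrefixes": []},
 {"name": "example-block-1", "priority": 300, "direction": "Outbound",
  "access": "Deny", "destinationAddressPrefix": null,
  "destinationAddressPrefixes": ["203.0.113.7", "198.51.100.20"]},
 {"name": "allow-ssh-in", "priority": 100, "direction": "Inbound",
  "access": "Allow", "destinationAddressPrefix": "*",
  "destinationAddressPrefixes": []}
]}
""")

def prefixes(rule):
    """Collect destination prefixes from the singular and plural fields."""
    items = list(rule.get("destinationAddressPrefixes") or [])
    if rule.get("destinationAddressPrefix"):
        items.append(rule["destinationAddressPrefix"])
    return items

def covers(allow_prefix, deny_prefix):
    """True if allow_prefix contains deny_prefix. Only '*' and IP/CIDR values
    are compared; service tags such as 'Internet' need manual review."""
    if allow_prefix == "*":
        return True
    try:
        allow = ipaddress.ip_network(allow_prefix, strict=False)
        deny = ipaddress.ip_network(deny_prefix, strict=False)
    except ValueError:
        return False
    return allow.version == deny.version and deny.subnet_of(allow)

def audit_outbound(nsg):
    """Return (outbound Deny rule names, findings). Each finding names an Allow
    rule that matches first. Ports and protocols are not compared."""
    out = sorted((r for r in nsg.get("securityRules", [])
                  if r["direction"] == "Outbound"), key=lambda r: r["priority"])
    denies = [r for r in out if r["access"] == "Deny"]
    allows = [r for r in out if r["access"] == "Allow"]
    findings = [(a["name"], d["name"], dp)
                for d in denies for a in allows if a["priority"] < d["priority"]
                for dp in prefixes(d) if any(covers(ap, dp) for ap in prefixes(a))]
    return [d["name"] for d in denies], findings
```

An empty findings list means no custom outbound Allow rule with an IP or CIDR destination preempts the listed Deny rules.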

