Azure API inventory scanning

Created: June 16, 2023
Updated: September 18, 2024

The Azure API Inventory integration enables FireTail to automatically scan and discover API resources within your Azure environment, providing enhanced visibility and control over your cloud-based APIs. By using Azure’s application registration, subscription management, and IAM role assignments, FireTail can access and retrieve API data based on the credentials you provide (Tenant ID, Client ID, Client Secret, Subscription ID). The discovered APIs are then populated into your selected FireTail application. You can configure the scan frequency to ensure your API inventory remains up to date, supporting real-time monitoring and security management of your Azure APIs.

To set up the integration:

1. Navigate to Integrations in the FireTail platform.

2. Click Azure API Inventory Scanning.

3. In the Name of Integration field, enter a name for the integration. The integration is Enabled by default. Toggle it off to make the integration inactive.

4. Log in to the Azure portal.

5. In the portal, search for "App registrations".

6. Click New registration to register a new app.

7. Enter a name for the app and select the relevant option under Supported account types. Click Register.

8. Copy the Tenant ID and Client ID.

9. Return to the FireTail platform and paste the copied values into the corresponding fields of the Azure form.

10. Return to the Azure portal. Click Certificates & secrets.

11. Click New client secret.

12. Provide a description for the secret and select an expiry time from the dropdown. Click Add.

13. Copy the Value. Open the FireTail platform and paste it into the Azure App Client Secret field.

14. Return to the Azure portal. Search for "Subscriptions".

15. Copy the Subscription ID. Return to the FireTail platform and paste the value into the Azure Subscription ID field.

16. Return to the portal. Select the subscription. Select Access control (IAM).

17. Click Add > Add role assignment.

18. In the Roles tab, search for and select the Reader role.

19. Go to the Members tab. Click Select members. Search for the Azure app that you created. Click Select.

20. Click Review + assign when done. Return to the FireTail platform to complete the Azure form.

21. Select an application from the dropdown, or click Create to create a new application. This is the application that will be associated with the integration. When you complete the integration, the APIs discovered in Azure are added under the FireTail application that you choose. Learn more about applications here.

22. Enter a Scan Frequency. This is how often the scan is done in seconds. The minimum is 900 seconds (15 minutes).

23. Click Submit to complete the setup.

The discovered APIs can be viewed by navigating to the API or Application tab in the platform.
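The steps above hand a third party a service principal and a client secret, so it is worth confirming afterwards that the app holds only Reader on the subscription and that the secret has a bounded lifetime. The following is an added example, not FireTail's code: it audits JSON shaped like the output of `az role assignment list --assignee <client-id> --all` and `az ad app credential list --id <client-id>`. The form field names, the sample data and the 180-day secret lifetime limit are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
MIN_SCAN_SECONDS = 900   # minimum scan frequency stated in the steps above
MAX_SECRET_DAYS = 180    # assumed local policy, not a FireTail or Azure rule

def audit(form, role_assignments, credentials, now):
    """Return a list of findings; an empty list means the setup matches the steps."""
    findings = []
    for field in ("tenant_id", "client_id", "subscription_id"):
        if not GUID.match(form.get(field, "")):
            findings.append(f"{field} is not a GUID")
    if form.get("scan_frequency", 0) < MIN_SCAN_SECONDS:
        findings.append("scan frequency is below 900 seconds")
    wanted = ("Reader", f"/subscriptions/{form.get('subscription_id', '')}".lower())
    roles = [(r["roleDefinitionName"], r["scope"].lower()) for r in role_assignments]
    if wanted not in roles:
        findings.append("Reader is not assigned at the subscription scope")
    for name, scope in roles:
        if (name, scope) != wanted:  # anything beyond Reader on the subscription
            findings.append(f"unexpected role assignment: {name} at {scope}")
    for cred in credentials:
        # Parse the seconds-resolution prefix; timestamps are assumed to be UTC.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        days = (end.replace(tzinfo=timezone.utc) - now).days
        if days < 0:
            findings.append(f"client secret {cred['keyId']} has expired")
        elif days > MAX_SECRET_DAYS:
            findings.append(f"client secret {cred['keyId']} is valid for {days} more days")
    return findings

# Constructed sample data (placeholder GUIDs, not real identifiers).
SUB = "00000000-0000-0000-0000-0000000000aa"
FORM = {"tenant_id": "00000000-0000-0000-0000-0000000000bb",
        "client_id": "00000000-0000-0000-0000-0000000000cc",
        "subscription_id": SUB, "scan_frequency": 900}
NOW = datetime(2024, 9, 18, tzinfo=timezone.utc)
GOOD_ROLES = [{"roleDefinitionName": "Reader", "scope": f"/subscriptions/{SUB}"}]
GOOD_CREDS = [{"keyId": "k1", "endDateTime": "2025-03-01T00:00:00Z"}]
BAD_ROLES = [{"roleDefinitionName": "Contributor", "scope": f"/subscriptions/{SUB}"}]
BAD_CREDS = [{"keyId": "k2", "endDateTime": "2026-09-18T00:00:00Z"}]

if __name__ == "__main__":
    print(audit(FORM, GOOD_ROLES, GOOD_CREDS, NOW))
    for finding in audit(FORM, BAD_ROLES, BAD_CREDS, NOW):
        print("FINDING:", finding)
```

An empty result means the app has exactly the Reader assignment from steps 16 to 20 and a secret within the assumed lifetime limit; any finding is a reason to revisit the role assignment or rotate the secret.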