Azure Compute v2
Create and Manage Azure Virtual Machines
This integration was integrated and tested with Azure Compute API Version: 2017-12-01.
Authentication
For more details about the authentication used in this integration, see Microsoft Integrations - Authentication .- After authorizing the Demisto app, you will get an ID, Token, and Key, which should be inserted in the integration instance configuration's corresponding fields. After giving consent, the application has to have a role assigned so it can access the relevant resources per subscription.
-
In order to assign a role to the application after consent was given:
- Go to the Azure Portal UI.
- Go to Subscriptions, and then Access Control (IAM).
- Click Add.
-
Select a role that includes the following permissions:
- Microsoft.Compute/virtualMachines/*
- Microsoft.Network/networkInterfaces/read
- Microsoft.Resources/subscriptions/resourceGroups/read
- Select the Azure Compute application.
Configure Azure Compute v2 on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services .
- Search for Azure Compute v2.
-
Click
Add instance
to create and configure a new integration instance.
- Name : a textual name for the integration instance.
- Host URL (e.g. https://management.azure.com)
- ID (received from the admin consent - see Detailed Instructions (?)
- Token (received from the admin consent - see Detailed Instructions (?) section)
- Key (received from the admin consent - see Detailed Instructions (?)
- Default Subscription ID
- Use system proxy
- Trust any certificate (not secure)
- Use a self-deployed Azure Application
- Click Test to validate the new instance.
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- List VM instances for a resource group: azure-vm-list-instances
- Power on a VM: azure-vm-start-instance
- Power off a VM: azure-vm-poweroff-instance
- Get details for a VM: azure-vm-get-instance-details
- Create a VM instance: azure-vm-create-instance
- List all subscriptions for the application: azure-list-subscriptions
- List all resource groups for the Azure subscription: azure-list-resource-groups
- Delete a VM instance: azure-vm-delete-instance
1. List VM instances for a resource group
List the VM instances in the specified Resource Group.
Base Command
azure-vm-list-instances
Input
| Argument Name | Description | Required |
|---|---|---|
| resource_group |
Resource Group of the VMs. To see all the resource groups
associated with your subscription try executing the
azure-list-resource-groups
command.
If none are present then please visit the Azure Web Portal
to create resource groups.
|
Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Azure.Compute.Name | string | Name of the VM |
| Azure.Compute.Location | string | Location of the VM |
| Azure.Compute.ProvisioningState | string | Provisioning State of the VM |
| Azure.Compute.ResourceGroup | string | Resource group where the VM resides in |
| Azure.Compute.ID | string | ID of the VM |
| Azure.Compute.Size | number | Size of the deployed VM (in GB) |
| Azure.Compute.OS | string | OS running on the VM |
Command Example
!azure-vm-list-instances resource_group=compute-integration
Context Example
{
"Azure.Compute": [
{
"Name": "TestOAuth",
"ResourceGroup": "compute-integration",
"Location": "westeurope",
"Size": 32,
"OS": "Linux",
"ID": "a050ff2e-85ab-44d9-b822-3bc3111739e0",
"ProvisioningState": "Succeeded"
}
]
}
Human Readable Output
Microsoft Azure - List of Virtual Machines in Resource Group âcompute-integrationâ
| Name | ID | Size | OS | Location | ProvisioningState | ResourceGroup |
|---|---|---|---|---|---|---|
| TestOAuth | a050ff2e-85ab-44d9-b822-3bc3111739e0 | 32 | Linux | westeurope | Succeeded | compute-integration |
2. Power on a VM
Powers-on a specified VM.
Base Command
azure-vm-start-instance
Input
| Argument Name | Description | Required |
|---|---|---|
| resource_group |
Resource Group to which the virtual machine belongs.
To see all the resource groups associated with your subscription try executing the
azure-list-resource-groups
command.
If none are present visit the Azure Web Portal to create
resource groups.
|
Required |
| virtual_machine_name |
Name of the virtual machine to power-on.
To see all the VMs with their associated names for a specific resource group try executing the
azure-vm-list-instances
command.
|
Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Azure.Compute.Name | string | Name of the VM that was started |
| Azure.Compute.ResourceGroup | string | Resource group the VM resides in |
| Azure.Compute.PowerState | string | Whether the VM instance is powered on or off |
Command Example
!azure-vm-start-instance resource_group=compute-integration virtual_machine_name=TestOAuth
Context Example
{
"Azure.Compute": {
"ResourceGroup": "compute-integration",
"PowerState": "VM starting",
"Name": "TestOAuth"
}
}
Human Readable Output
Power-on of Virtual Machine âTestOAuthâ Successfully Initiated
| ResourceGroup | PowerState | Name |
|---|---|---|
| compute-integration | VM starting | TestOAuth |
3. Power off a VM
Powers-off a specified VM.
Base Command
azure-vm-poweroff-instance
Input
| Argument Name | Description | Required |
|---|---|---|
| resource_group |
Resource Group to which the virtual machine belongs.
To see all the resource groups associated with your subscription try executing the
azure-list-resource-groups
command.
If none are present then please visit the Azure Web Portal
to create resource groups.
|
Required |
| virtual_machine_name |
Name of the virtual machine to power-off.
To see all the VMs with their associated names for a specific resource group try executing the
azure-vm-list-instances
command.
|
Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Azure.Compute.Name | string | Name of the VM that was powered down |
| Azure.Compute.ResourceGroup | string | Resource group the VM resides in |
| Azure.Compute.PowerState | string | Whether the VM instance is powered on or off |
Command Example
!azure-vm-poweroff-instance resource_group=compute-integration virtual_machine_name=TestOAuth
Context Example
{
"Azure.Compute": {
"ResourceGroup": "compute-integration",
"PowerState": "VM stopping",
"Name": "TestOAuth"
}
}
Human Readable Output
Power-off of Virtual Machine âTestOAuthâ Successfully Initiated
| ResourceGroup | PowerState | Name |
|---|---|---|
| compute-integration | VM stopping | TestOAuth |
4. Get details for a VM
Gets the properties of a specified VM.
Base Command
azure-vm-get-instance-details
Input
| Argument Name | Description | Required |
|---|---|---|
| resource_group |
Resource Group to which the virtual machine belongs.
To see all the resource groups associated with your subscription try executing the
azure-list-resource-groups
command.
If none are present then please visit the Azure Web Portal
to create resource groups.
|
Required |
| virtual_machine_name |
Name of the virtual machine you wish to view the details
of.
To see all the VMs with their associated names for a specific resource group try executing the
azure-vm-list-instances
command.
|
Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Azure.Compute.Name | string | Name of the VM whose details were requested |
| Azure.Compute.ID | string | ID of the VM |
| Azure.Compute.Size | number | Size of the deployed VM in gigabytes |
| Azure.Compute.OS | string | OS running in the specified VM |
| Azure.Compute.ProvisioningState | string | Provisioning state of the deployed VM |
| Azure.Compute.Location | string | Region in which the VM is hosted |
| Azure.Compute.PowerState | string | Whether the VM instance is powered on or off |
| Azure.Compute.ResourceGroup | string | Resource group in which the VM belongs |
Command Example
!azure-vm-get-instance-details resource_group=compute-integration virtual_machine_name=TestOAuth
Context Example
{
"Azure.Compute": {
"PowerState": "VM starting",
"Name": "TestOAuth",
"ResourceGroup": "compute-integration",
"Location": "westeurope",
"Size": 32,
"OS": "Linux",
"ID": "a050ff2e-85ab-44d9-b822-3bc3111739e0",
"ProvisioningState": "Updating"
}
}
Human Readable Output
Properties of VM âTestOAuthâ
| Name | ID | Size | OS | ProvisioningState | Location | PowerState |
|---|---|---|---|---|---|---|
| TestOAuth | a050ff2e-85ab-44d9-b822-3bc3111739e0 | 32 | Linux | Updating | westeurope | VM starting |
5. Create a VM instance
Creates a virtual machine instance with the specified OS image.
Base Command
azure-vm-create-instance
Input
| Argument Name | Description | Required |
|---|---|---|
| resource_group |
Resource group to which the new VM will belong.
To see all the resource groups associated with your subscription try executing the
azure-list-resource-groups
command.
If none are present then please visit the Azure Web Portal
to create resource groups.
|
Required |
| virtual_machine_name | Name of the virtual machine to create | Required |
| virtual_machine_location | Location to create the VM | Required |
| nic_name |
The name of the Network Interface to link the VM with. A
Network Interface has to be created from within the Azure
Portal. Note that the vmâs location property must match that
of the Network Interface you choose to link it to.
To see a list of available Network Interfaces visit the Azure Web Portal, navigate to the search bar at the top of the page, type in ânetwork interfacesâ and in the drop-down menu that appears as you type, click on the âNetwork interfacesâ option that appears under the âServicesâ category. If none are present, you will need to create a new Network Interface which you can do by clicking the â+Addâ button towards the top left of the page and following the instructions. For more information regarding Network Interfaces see the Microsoft API documentation . |
Required |
| vm_size |
The name of a VirtualMachineSize which determines the size
of the deployed vm.
For more information see the Microsoft API documentation . |
Required |
| os_image | Choose the base operating system image of the vm | Optional |
| sku |
SKU of the OS image to be used.
To see a list of available SKUs, visit your Azure Web Portal, click the symbol that looks similar to a â>â along the top bar of the page which should open a cloud shell. Make sure it is a bash shell. At the command prompt enter
az vm image list-skus
along
with the appropriate arguments that it will prompt you with
to display the list of VM image SKUs available in the Azure
Marketplace.
|
Optional |
| publisher |
Name of the publisher of the OS image.
To see a list of available publishers, visit your Azure Web Portal, click the symbol that looks similar to a â>â along the top bar of the page which should open a cloud shell. Make sure it is a bash shell. At the command prompt enter
az vm image list-publishers
along
with the appropriate arguments that it will prompt you with
to display the list of VM image publishers available in the
Azure Marketplace.
|
Optional |
| version |
Version of the image to use.
The allowed formats are Major.Minor.Build or âlatestâ. Major, Minor, and Build are decimal numbers. Specify âlatestâ to use the latest version of an image available at deploy time. |
Optional |
| offer |
Specifies the offer of the platform image or marketplace
image used to create the virtual machine.
To see a list of available offers, visit your Azure Web Portal, click the symbol that looks similar to a â>â along the top bar of the page which should open a cloud shell. Make sure it is a bash shell. At the command prompt enter
az vm image list-offers
along
with the appropriate arguments that it will prompt you with
to display the list of VM image offers available in the Azure
Marketplace.
|
Optional |
| admin_username | Admin Username to be used when creating the VM | Optional |
| admin_password | Admin Password to be used when creating the VM | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Azure.Compute.Name | string | Name of the created VM instance |
| Azure.Compute.ResourceGroup | string | Resource group the VM resides in |
| Azure.Compute.ID | string | ID of the VM |
| Azure.Compute.Size | number | Size of the deployed VM in gigabytes |
| Azure.Compute.OS | string | OS running in the specified VM |
| Azure.Compute.ProvisioningState | string | Provisioning state of the deployed VM |
| Azure.Compute.Location | string | Region in which the VM is hosted |
Command Example
!azure-vm-create-instance resource_group=compute-integration nic_name=compute-integration-nic1 virtual_machine_location=westeurope vm_size=Standard_D1_v2 virtual_machine_name=DemoVM os_image="Ubuntu Server 18.04 LTS"
Context Example
{
"Azure.Compute": {
"Name": "DemoVM",
"ResourceGroup": "compute-integration",
"Location": "westeurope",
"Size": "NA",
"OS": "Linux",
"ID": "106a46b3-e999-44fd-be41-270a76e722fa",
"ProvisioningState": "Creating"
}
}
Human Readable Output
Created Virtual Machine âDemoVMâ
| Name | ResourceGroup | Location | Size | OS | ID | ProvisioningState |
|---|---|---|---|---|---|---|
| DemoVM | compute-integration | westeurope | NA | Linux | 106a46b3-e999-44fd-be41-270a76e722fa | Creating |
6. Lists the subscriptions for this application.
Lists the subscriptions for this application.
Base Command
azure-list-subscriptions
Input
No inputs for this command.
Context Output
| Path | Type | Description |
|---|---|---|
| Azure.Subscription.Name | string | Subscription Name |
| Azure.Subscription.ID | string | Subscription ID | Azure.Subscription.State | string | Subscription State |
Command Example
!azure-list-subscriptions
Context Example
{
"Azure.Subscription": [
{
"Name": "My subscription",
"ID": "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/cloud-shell-storage-eastus",
"State": "Enabled"
},
]
}
Human Readable Output
List of Resource Groups
| ID | Name | State |
|---|---|---|
| /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/cloud-shell-storage-eastus | My subscription | Enabled |
6. List all resource groups for the Azure subscription
Lists all resource groups belonging to your Azure subscription.
Base Command
azure-list-resource-groups
Input
| Argument Name | Description | Required |
|---|---|---|
| subscription_id | Subscription ID to use. Can be retrieved from the azure-sc-list-subscriptions command. If not specified, the default subscripton ID will be used. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Azure.ResourceGroup.Name | string | Name of the Resource Group |
| Azure.ResourceGroup.ID | string | ID of the Resource Group |
| Azure.ResourceGroup.Location | string | Location of the Resource Group |
| Azure.ResourceGroup.ProvisioningState | string | Provisioning State of the Resource Group |
Command Example
!azure-list-resource-groups
Context Example
{
"Azure.ResourceGroup": [
{
"Name": "cloud-shell-storage-eastus",
"ProvisioningState": "Succeeded",
"ID": "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/cloud-shell-storage-eastus",
"Location": "eastus"
},
{
"Name": "compute-integration",
"ProvisioningState": "Succeeded",
"ID": "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/compute-integration",
"Location": "eastus"
},
{
"Name": "NetworkWatcherRG",
"ProvisioningState": "Succeeded",
"ID": "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/NetworkWatcherRG",
"Location": "westeurope"
},
{
"Name": "us-east-rg",
"ProvisioningState": "Succeeded",
"ID": "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/us-east-rg",
"Location": "eastus"
},
{
"Name": "us-east-rg-backups",
"ProvisioningState": "Succeeded",
"ID": "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/us-east-rg-backups",
"Location": "westus"
}
]
}
Human Readable Output
List of Resource Groups
| Location | ProvisioningState | Name | ID |
|---|---|---|---|
| eastus | Succeeded | cloud-shell-storage-eastus | /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/cloud-shell-storage-eastus |
| eastus | Succeeded | compute-integration | /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/compute-integration |
| westeurope | Succeeded | NetworkWatcherRG | /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/NetworkWatcherRG |
| eastus | Succeeded | us-east-rg | /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/us-east-rg |
| westus | Succeeded | us-east-rg-backups | /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/us-east-rg-backups |
7. Delete a VM instance
Deletes a specified VM instance.
Base Command
azure-vm-delete-instance
Input
| Argument Name | Description | Required |
|---|---|---|
| resource_group |
Resource Group to which the virtual machine belongs.
To see all the resource groups associated with your subscription try executing the
azure-list-resource-groups
command.
If none are present then please visit the Azure Web Portal
to create resource groups.
|
Required |
| virtual_machine_name |
Name of the virtual machine to delete.
To see all VMs with their associated names for a specific resource group try executing the
azure-vm-list-instances
command.
|
Optional |
Context Output
There is no context output for this command.
Command Example
!azure-vm-delete-instance resource_group=compute-integration virtual_machine_name=DemoVM
Human Readable Output
âDemoVMâ VM Deletion Successfully Initiated