Azure Compute v2
Create and Manage Azure Virtual Machines
This integration was integrated and tested with Azure Compute API Version: 2017-12-01.
Detailed Description
- To allow us access to Azure Compute, an admin has to approve our app using an admin consent flow, by clicking on the following link .
- After authorizing the Demisto app, you will get an ID, Token, and Key, which should be inserted in the integration instance configuration's corresponding fields. After giving consent, the application has to have a role assigned so it can access the relevant resources per subscription.
-
In order to assign a role to the application after consent was given:
- Go to the Azure Portal UI.
- Go to Subscriptions, and then Access Control (IAM).
- Click Add.
-
Select a role that includes the following permissions:
- Microsoft.Compute/virtualMachines/*
- Microsoft.Network/networkInterfaces/read
- Select the Azure Secruity Center application.
Configure Azure Compute v2 on Demisto
- Navigate to Settings > Integrations > Servers & Services .
- Search for Azure Compute v2.
-
Click
Add instance
to create and configure a new integration instance.
- Name : a textual name for the integration instance.
- Host URL (e.g. https://management.azure.com)
- ID (received from the admin consent - see Detailed Instructions (?)
- Token (received from the admin consent - see Detailed Instructions (?) section)
- Key (received from the admin consent - see Detailed Instructions (?)
- Default Subscription ID
- Use system proxy
- Trust any certificate (not secure)
- Use a self-deployed Azure Application
- Click Test to validate the new instance.
Use a Self-Deployed Azure Application
To use a self-configured Azure application, you need to add a new Azure App Registration in the Azure Portal. To add the registration, refer to the Microsoft documentation
The Tenant ID, Client ID, and Client secret are required for the integration. When you configure the integration in Demisto enter those parameters in the appropriate fields (instead of how you received them from the admin consent in the current doc).
ID - Client ID
Token - Tenant ID
Key - Client Secret
Commands
You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- List VM instances for a resource group: azure-vm-list-instances
- Power on a VM: azure-vm-start-instance
- Power off a VM: azure-vm-poweroff-instance
- Get details for a VM: azure-vm-get-instance-details
- Create a VM instance: azure-vm-create-instance
- List all subscriptions for the application: azure-list-subscriptions
- List all resource groups for the Azure subscription: azure-list-resource-groups
- Delete a VM instance: azure-vm-delete-instance
1. List VM instances for a resource group
List the VM instances in the specified Resource Group.
Base Command
azure-vm-list-instances
Input
| Argument Name | Description | Required |
|---|---|---|
| resource_group |
Resource Group of the VMs. To see all the resource groups
associated with your subscription try executing the
azure-list-resource-groups
command.
If none are present then please visit the Azure Web Portal
to create resource groups.
|
Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Azure.Compute.Name | string | Name of the VM |
| Azure.Compute.Location | string | Location of the VM |
| Azure.Compute.ProvisioningState | string | Provisioning State of the VM |
| Azure.Compute.ResourceGroup | string | Resource group where the VM resides in |
| Azure.Compute.ID | string | ID of the VM |
| Azure.Compute.Size | number | Size of the deployed VM (in GB) |
| Azure.Compute.OS | string | OS running on the VM |
Command Example
!azure-vm-list-instances resource_group=compute-integration
Context Example
{
"Azure.Compute": [
{
"Name": "TestOAuth",
"ResourceGroup": "compute-integration",
"Location": "westeurope",
"Size": 32,
"OS": "Linux",
"ID": "a050ff2e-85ab-44d9-b822-3bc3111739e0",
"ProvisioningState": "Succeeded"
}
]
}
Human Readable Output
Microsoft Azure - List of Virtual Machines in Resource Group “compute-integration”
| Name | ID | Size | OS | Location | ProvisioningState | ResourceGroup |
|---|---|---|---|---|---|---|
| TestOAuth | a050ff2e-85ab-44d9-b822-3bc3111739e0 | 32 | Linux | westeurope | Succeeded | compute-integration |
2. Power on a VM
Powers-on a specified VM.
Base Command
azure-vm-start-instance
Input
| Argument Name | Description | Required |
|---|---|---|
| resource_group |
Resource Group to which the virtual machine belongs.
To see all the resource groups associated with your subscription try executing the
azure-list-resource-groups
command.
If none are present visit the Azure Web Portal to create
resource groups.
|
Required |
| virtual_machine_name |
Name of the virtual machine to power-on.
To see all the VMs with their associated names for a specific resource group try executing the
azure-vm-list-instances
command.
|
Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Azure.Compute.Name | string | Name of the VM that was started |
| Azure.Compute.ResourceGroup | string | Resource group the VM resides in |
| Azure.Compute.PowerState | string | Whether the VM instance is powered on or off |
Command Example
!azure-vm-start-instance resource_group=compute-integration virtual_machine_name=TestOAuth
Context Example
{
"Azure.Compute": {
"ResourceGroup": "compute-integration",
"PowerState": "VM starting",
"Name": "TestOAuth"
}
}
Human Readable Output
Power-on of Virtual Machine “TestOAuth” Successfully Initiated
| ResourceGroup | PowerState | Name |
|---|---|---|
| compute-integration | VM starting | TestOAuth |
3. Power off a VM
Powers-off a specified VM.
Base Command
azure-vm-poweroff-instance
Input
| Argument Name | Description | Required |
|---|---|---|
| resource_group |
Resource Group to which the virtual machine belongs.
To see all the resource groups associated with your subscription try executing the
azure-list-resource-groups
command.
If none are present then please visit the Azure Web Portal
to create resource groups.
|
Required |
| virtual_machine_name |
Name of the virtual machine to power-off.
To see all the VMs with their associated names for a specific resource group try executing the
azure-vm-list-instances
command.
|
Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Azure.Compute.Name | string | Name of the VM that was powered down |
| Azure.Compute.ResourceGroup | string | Resource group the VM resides in |
| Azure.Compute.PowerState | string | Whether the VM instance is powered on or off |
Command Example
!azure-vm-poweroff-instance resource_group=compute-integration virtual_machine_name=TestOAuth
Context Example
{
"Azure.Compute": {
"ResourceGroup": "compute-integration",
"PowerState": "VM stopping",
"Name": "TestOAuth"
}
}
Human Readable Output
Power-off of Virtual Machine “TestOAuth” Successfully Initiated
| ResourceGroup | PowerState | Name |
|---|---|---|
| compute-integration | VM stopping | TestOAuth |
4. Get details for a VM
Gets the properties of a specified VM.
Base Command
azure-vm-get-instance-details
Input
| Argument Name | Description | Required |
|---|---|---|
| resource_group |
Resource Group to which the virtual machine belongs.
To see all the resource groups associated with your subscription try executing the
azure-list-resource-groups
command.
If none are present then please visit the Azure Web Portal
to create resource groups.
|
Required |
| virtual_machine_name |
Name of the virtual machine you wish to view the details
of.
To see all the VMs with their associated names for a specific resource group try executing the
azure-vm-list-instances
command.
|
Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Azure.Compute.Name | string | Name of the VM whose details were requested |
| Azure.Compute.ID | string | ID of the VM |
| Azure.Compute.Size | number | Size of the deployed VM in gigabytes |
| Azure.Compute.OS | string | OS running in the specified VM |
| Azure.Compute.ProvisioningState | string | Provisioning state of the deployed VM |
| Azure.Compute.Location | string | Region in which the VM is hosted |
| Azure.Compute.PowerState | string | Whether the VM instance is powered on or off |
| Azure.Compute.ResourceGroup | string | Resource group in which the VM belongs |
Command Example
!azure-vm-get-instance-details resource_group=compute-integration virtual_machine_name=TestOAuth
Context Example
{
"Azure.Compute": {
"PowerState": "VM starting",
"Name": "TestOAuth",
"ResourceGroup": "compute-integration",
"Location": "westeurope",
"Size": 32,
"OS": "Linux",
"ID": "a050ff2e-85ab-44d9-b822-3bc3111739e0",
"ProvisioningState": "Updating"
}
}
Human Readable Output
Properties of VM “TestOAuth”
| Name | ID | Size | OS | ProvisioningState | Location | PowerState |
|---|---|---|---|---|---|---|
| TestOAuth | a050ff2e-85ab-44d9-b822-3bc3111739e0 | 32 | Linux | Updating | westeurope | VM starting |
5. Create a VM instance
Creates a virtual machine instance with the specified OS image.
Base Command
azure-vm-create-instance
Input
| Argument Name | Description | Required |
|---|---|---|
| resource_group |
Resource group to which the new VM will belong.
To see all the resource groups associated with your subscription try executing the
azure-list-resource-groups
command.
If none are present then please visit the Azure Web Portal
to create resource groups.
|
Required |
| virtual_machine_name | Name of the virtual machine to create | Required |
| virtual_machine_location | Location to create the VM | Required |
| nic_name |
The name of the Network Interface to link the VM with. A
Network Interface has to be created from within the Azure
Portal. Note that the vm’s location property must match that
of the Network Interface you choose to link it to.
To see a list of available Network Interfaces visit the Azure Web Portal, navigate to the search bar at the top of the page, type in ‘network interfaces’ and in the drop-down menu that appears as you type, click on the ‘Network interfaces’ option that appears under the ‘Services’ category. If none are present, you will need to create a new Network Interface which you can do by clicking the ‘+Add’ button towards the top left of the page and following the instructions. For more information regarding Network Interfaces see the Microsoft API documentation . |
Required |
| vm_size |
The name of a VirtualMachineSize which determines the size
of the deployed vm.
For more information see the Microsoft API documentation . |
Required |
| os_image | Choose the base operating system image of the vm | Optional |
| sku |
SKU of the OS image to be used.
To see a list of available SKUs, visit your Azure Web Portal, click the symbol that looks similar to a ‘>’ along the top bar of the page which should open a cloud shell. Make sure it is a bash shell. At the command prompt enter
az vm image list-skus
along
with the appropriate arguments that it will prompt you with
to display the list of VM image SKUs available in the Azure
Marketplace.
|
Optional |
| publisher |
Name of the publisher of the OS image.
To see a list of available publishers, visit your Azure Web Portal, click the symbol that looks similar to a ‘>’ along the top bar of the page which should open a cloud shell. Make sure it is a bash shell. At the command prompt enter
az vm image list-publishers
along
with the appropriate arguments that it will prompt you with
to display the list of VM image publishers available in the
Azure Marketplace.
|
Optional |
| version |
Version of the image to use.
The allowed formats are Major.Minor.Build or ‘latest’. Major, Minor, and Build are decimal numbers. Specify ‘latest’ to use the latest version of an image available at deploy time. |
Optional |
| offer |
Specifies the offer of the platform image or marketplace
image used to create the virtual machine.
To see a list of available offers, visit your Azure Web Portal, click the symbol that looks similar to a ‘>’ along the top bar of the page which should open a cloud shell. Make sure it is a bash shell. At the command prompt enter
az vm image list-offers
along
with the appropriate arguments that it will prompt you with
to display the list of VM image offers available in the Azure
Marketplace.
|
Optional |
| admin_username | Admin Username to be used when creating the VM | Optional |
| admin_password | Admin Password to be used when creating the VM | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Azure.Compute.Name | string | Name of the created VM instance |
| Azure.Compute.ResourceGroup | string | Resource group the VM resides in |
| Azure.Compute.ID | string | ID of the VM |
| Azure.Compute.Size | number | Size of the deployed VM in gigabytes |
| Azure.Compute.OS | string | OS running in the specified VM |
| Azure.Compute.ProvisioningState | string | Provisioning state of the deployed VM |
| Azure.Compute.Location | string | Region in which the VM is hosted |
Command Example
!azure-vm-create-instance resource_group=compute-integration nic_name=compute-integration-nic1 virtual_machine_location=westeurope vm_size=Standard_D1_v2 virtual_machine_name=DemoVM os_image="Ubuntu Server 18.04 LTS"
Context Example
{
"Azure.Compute": {
"Name": "DemoVM",
"ResourceGroup": "compute-integration",
"Location": "westeurope",
"Size": "NA",
"OS": "Linux",
"ID": "106a46b3-e999-44fd-be41-270a76e722fa",
"ProvisioningState": "Creating"
}
}
Human Readable Output
Created Virtual Machine “DemoVM”
| Name | ResourceGroup | Location | Size | OS | ID | ProvisioningState |
|---|---|---|---|---|---|---|
| DemoVM | compute-integration | westeurope | NA | Linux | 106a46b3-e999-44fd-be41-270a76e722fa | Creating |
6. Lists the subscriptions for this application.
Lists the subscriptions for this application.
Base Command
azure-list-subscriptions
Input
No inputs for this command.
Context Output
| Path | Type | Description |
|---|---|---|
| Azure.Subscription.Name | string | Subscription Name |
| Azure.Subscription.ID | string | Subscription ID | Azure.Subscription.State | string | Subscription State |
Command Example
!azure-list-subscriptions
Context Example
{
"Azure.Subscription": [
{
"Name": "My subscription",
"ID": "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/cloud-shell-storage-eastus",
"State": "Enabled"
},
]
}
Human Readable Output
List of Resource Groups
| ID | Name | State |
|---|---|---|
| /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/cloud-shell-storage-eastus | My subscription | Enabled |
6. List all resource groups for the Azure subscription
Lists all resource groups belonging to your Azure subscription.
Base Command
azure-list-resource-groups
Input
| Argument Name | Description | Required |
|---|---|---|
| subscription_id | Subscription ID to use. Can be retrieved from the azure-sc-list-subscriptions command. If not specified, the default subscripton ID will be used. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| Azure.ResourceGroup.Name | string | Name of the Resource Group |
| Azure.ResourceGroup.ID | string | ID of the Resource Group |
| Azure.ResourceGroup.Location | string | Location of the Resource Group |
| Azure.ResourceGroup.ProvisioningState | string | Provisioning State of the Resource Group |
Command Example
!azure-list-resource-groups
Context Example
{
"Azure.ResourceGroup": [
{
"Name": "cloud-shell-storage-eastus",
"ProvisioningState": "Succeeded",
"ID": "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/cloud-shell-storage-eastus",
"Location": "eastus"
},
{
"Name": "compute-integration",
"ProvisioningState": "Succeeded",
"ID": "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/compute-integration",
"Location": "eastus"
},
{
"Name": "NetworkWatcherRG",
"ProvisioningState": "Succeeded",
"ID": "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/NetworkWatcherRG",
"Location": "westeurope"
},
{
"Name": "us-east-rg",
"ProvisioningState": "Succeeded",
"ID": "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/us-east-rg",
"Location": "eastus"
},
{
"Name": "us-east-rg-backups",
"ProvisioningState": "Succeeded",
"ID": "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/us-east-rg-backups",
"Location": "westus"
}
]
}
Human Readable Output
List of Resource Groups
| Location | ProvisioningState | Name | ID |
|---|---|---|---|
| eastus | Succeeded | cloud-shell-storage-eastus | /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/cloud-shell-storage-eastus |
| eastus | Succeeded | compute-integration | /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/compute-integration |
| westeurope | Succeeded | NetworkWatcherRG | /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/NetworkWatcherRG |
| eastus | Succeeded | us-east-rg | /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/us-east-rg |
| westus | Succeeded | us-east-rg-backups | /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/us-east-rg-backups |
7. Delete a VM instance
Deletes a specified VM instance.
Base Command
azure-vm-delete-instance
Input
| Argument Name | Description | Required |
|---|---|---|
| resource_group |
Resource Group to which the virtual machine belongs.
To see all the resource groups associated with your subscription try executing the
azure-list-resource-groups
command.
If none are present then please visit the Azure Web Portal
to create resource groups.
|
Required |
| virtual_machine_name |
Name of the virtual machine to delete.
To see all VMs with their associated names for a specific resource group try executing the
azure-vm-list-instances
command.
|
Optional |
Context Output
There is no context output for this command.
Command Example
!azure-vm-delete-instance resource_group=compute-integration virtual_machine_name=DemoVM
Human Readable Output
“DemoVM” VM Deletion Successfully Initiated