Azure Network Security Groups

This Integration is part of the Azure Network Security Groups Pack.#

Azure network security groups are used to filter network traffic to and from Azure resources in an Azure virtual network. This integration was integrated and tested with version 2022-09-01 of Azure Network Security Groups.

Authorization#

In order to connect to the Azure Storage Accounts and the Blob Service use either the Cortex XSOAR Azure App or the Self-Deployed Azure App. Use one of the following methods:

  1. Authorization Code Flow (Recommended).
  2. Client Credentials
  3. Device Code Flow.

Self-Deployed Azure App#

To use a self-configured Azure application, you need to add a new Azure App Registration in the Azure Portal.

To add the registration, refer to the following Microsoft article steps 1-8.

Required permissions#

  • Azure Service Management - permission user_impersonation of type Delegated
  • Microsoft Graph - permission offline_access of type Delegated

To add a permission:

  1. Navigate to Home > App registrations.
  2. Search for your app under 'all applications'.
  3. Click API permissions > Add permission.
  4. Search for the specific Microsoft API and select the specific permission of type Delegated.

Authentication Using the Authorization Code Flow (recommended)#

  1. In the Authentication Type field, select the Authorization Code option.
  2. In the Application ID field, enter your Client/Application ID.
  3. In the Client Secret field, enter your Client Secret.
  4. In the Tenant ID field, enter your Tenant ID.
  5. In the Application redirect URI field, enter your Application redirect URI.
  6. Save the instance.
  7. Run the !azure-nsg-generate-login-url command in the War Room and follow the instructions.

Authentication Using the Client Credentials Flow#

  1. Assign Azure roles using the Azure portal, as described in the Microsoft article.

    Note: In the Select members section, assign the application you created earlier.

  2. To configure a Microsoft integration that uses this authorization flow with a self-deployed Azure application:

    a. In the Authentication Type field, select the Client Credentials option.
    b. In the Application ID field, enter your Client/Application ID.
    c. In the Subscription ID field, enter your Subscription ID.
    d. In the Resource Group Name field, enter your Resource Group Name.
    e. In the Tenant ID field, enter your Tenant ID.
    f. In the Client Secret field, enter your Client Secret.
    g. Click Test to validate the URLs, token, and connection.
    h. Save the instance.

Authentication Using the Device Code Flow#

Use the device authorization grant flow.

In order to connect to the Azure Network Security Group using either Cortex XSOAR Azure App or the Self-Deployed Azure App:

  1. Fill in the required parameters.
  2. Run the !azure-nsg-auth-start command.
  3. Follow the instructions that appear.
  4. Run the !azure-nsg-auth-complete command.

At the end of the process you'll see a message that you've logged in successfully.

Cortex XSOAR Azure App#

In order to use the Cortex XSOAR Azure application, use the default application ID (d4736600-e3d5-4c97-8e65-57abd2b979fe).

You only need to fill in your subscription ID and resource group name.

Configure Azure Network Security Groups on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Azure Network Security Groups.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | Application ID | | False |
    | Default Subscription ID | There are two options to set the specified value, either in the configuration or directly within the commands. However, setting values in both places will cause an override by the command value. | True |
    | Default Resource Group Name | There are two options to set the specified value, either in the configuration or directly within the commands. However, setting values in both places will cause an override by the command value. | True |
    | Azure AD endpoint | Azure AD endpoint associated with a national cloud. | False |
    | Trust any certificate (not secure) | | False |
    | Use system proxy settings | | False |
    | Authentication Type | Type of authentication - can be Authorization Code flow (recommended), Client Credentials, Device Code Flow, or Azure Managed Identities. | True |
    | Tenant ID | | False |
    | Client Secret | | False |
    | Application redirect URI | | False |
    | Authorization code | For user-auth mode - received from the authorization step. See Detailed Instructions (?) section. | False |
    | Azure Managed Identities Client ID | The Managed Identities client ID for authentication - relevant only if the integration is running on Azure VM. | False |

  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

azure-nsg-security-groups-list#


List all network security groups.

Base Command#

azure-nsg-security-groups-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| subscription_id | The subscription ID. Note: This argument will override the instance parameter 'Default Subscription ID'. | Optional |
| resource_group_name | The resource group name. Note: This argument will override the instance parameter 'Default Subscription ID'. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| AzureNSG.SecurityGroup.name | String | The security group's name. |
| AzureNSG.SecurityGroup.id | String | The security group's ID. |
| AzureNSG.SecurityGroup.etag | String | The security group's ETag. |
| AzureNSG.SecurityGroup.type | String | The security group's type. |
| AzureNSG.SecurityGroup.location | String | The security group's location. |
| AzureNSG.SecurityGroup.tags | String | The security group's tags. |

Command Example#

!azure-nsg-security-groups-list

Context Example#

{
    "AzureNSG": {
        "SecurityGroup": {
            "etag": "W/\"fdba51cf-46b3-44af-8da5-16666aa578cc\"",
            "id": "/subscriptions/123456789/resourceGroups/cloud-shell-storage-eastus/providers/Microsoft.Network/networkSecurityGroups/alerts-nsg",
            "location": "westeurope",
            "name": "alerts-nsg",
            "tags": {},
            "type": "Microsoft.Network/networkSecurityGroups"
        }
    }
}

Human Readable Output#

Network Security Groups#

| etag | id | location | name | tags | type |
| --- | --- | --- | --- | --- | --- |
| W/"fdba51cf-46b3-44af-8da5-16666aa578cc" | /subscriptions/123456789/resourceGroups/cloud-shell-storage-eastus/providers/Microsoft.Network/networkSecurityGroups/alerts-nsg | westeurope | alerts-nsg | | Microsoft.Network/networkSecurityGroups |

azure-nsg-security-rules-list#


List all rules of the specified security groups.

Base Command#

azure-nsg-security-rules-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| security_group_name | A comma-separated list of the names of the security groups. | Required |
| subscription_id | The subscription ID. Note: This argument will override the instance parameter 'Default Subscription ID'. | Optional |
| resource_group_name | The resource group name. Note: This argument will override the instance parameter 'Default Resource Group Name'. | Optional |
| limit | The maximum number of rules to display. Default is 50. | Optional |
| offset | The index of the first rule to display. Used for pagination. Default is 0. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| AzureNSG.Rule.name | String | The rule's name. |
| AzureNSG.Rule.id | String | The rule's ID. |
| AzureNSG.Rule.etag | String | The rule's ETag. |
| AzureNSG.Rule.type | String | The rule's type. |
| AzureNSG.Rule.provisioningState | String | The rule's provisioning state. |
| AzureNSG.Rule.protocol | String | The protocol. Can be "TCP", "UDP", "ICMP", or "*". |
| AzureNSG.Rule.sourcePortRange | String | For a single port, the source port or range of ports. Note that for multiple ports, `sourcePortRanges` will appear instead. |
| AzureNSG.Rule.sourcePortRanges | String | For multiple ports, a list of source ports. Note that for single ports, `sourcePortRange` will appear instead. |
| AzureNSG.Rule.destinationPortRange | String | For a single port, the destination port or range of ports. Note that for multiple ports, `destinationPortRanges` will appear instead. |
| AzureNSG.Rule.destinationPortRanges | String | For multiple ports, a list of destination ports. Note that for single ports, `destinationPortRange` will appear instead. |
| AzureNSG.Rule.sourceAddressPrefix | String | The source address. |
| AzureNSG.Rule.destinationAddressPrefix | String | The destination address. |
| AzureNSG.Rule.access | String | The rule's access. Can be either "Allow" or "Deny". |
| AzureNSG.Rule.priority | Number | The rule's priority. Can be from 100 to 4096. |
| AzureNSG.Rule.direction | String | The rule's direction. Can be either "Inbound" or "Outbound". |

Command Example#

!azure-nsg-security-rules-list security_group_name=alerts-nsg

Context Example#

{
    "AzureNSG": {
        "Rule": {
            "access": "Allow",
            "destinationAddressPrefix": "1.1.1.1",
            "destinationAddressPrefixes": [],
            "destinationPortRange": "*",
            "destinationPortRanges": [],
            "direction": "Inbound",
            "etag": "W/\"fdba51cf-46b3-44af-8da5-16666aa578cc\"",
            "id": "/subscriptions/123456789/resourceGroups/cloud-shell-storage-eastus/providers/Microsoft.Network/networkSecurityGroups/alerts-nsg/securityRules/wow",
            "name": "wow",
            "priority": 3323,
            "protocol": "*",
            "provisioningState": "Succeeded",
            "sourceAddressPrefix": "8.8.8.8",
            "sourceAddressPrefixes": [],
            "sourcePortRanges": [
                "1",
                "2",
                "3"
            ],
            "type": "Microsoft.Network/networkSecurityGroups/securityRules"
        }
    }
}

Human Readable Output#

Rules in alerts-nsg#

| access | destinationAddressPrefix | destinationPortRange | direction | etag | id | name | priority | protocol | provisioningState | sourceAddressPrefix | sourcePortRanges | type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Allow | 1.1.1.1 | * | Inbound | W/"fdba51cf-46b3-44af-8da5-16666aa578cc" | /subscriptions/123456789/resourceGroups/cloud-shell-storage-eastus/providers/Microsoft.Network/networkSecurityGroups/alerts-nsg/securityRules/wow | wow | 3323 | * | Succeeded | 8.8.8.8 | 1, 2, 3 | Microsoft.Network/networkSecurityGroups/securityRules |
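
As the context output above shows, a rule carries either the singular or the plural port and address field, and a single result comes back as an object rather than a list, so playbook logic that reviews rules has to normalize both. The Python below is an added example, not code from the integration or its pack: it normalizes AzureNSG.Rule entries and reports inbound Allow rules that are open to any source on watched ports. Every sample rule except wow, the ANY_SOURCES set and the WATCHED_PORTS set are assumptions constructed for illustration.

```python
"""Added example: review AzureNSG.Rule context entries for broad inbound Allow rules."""

# Assumption: source values this example treats as "anywhere".
ANY_SOURCES = {"*", "any", "internet", "0.0.0.0/0"}
# Assumption: management ports the reviewer wants to watch.
WATCHED_PORTS = {22, 3389}

# Constructed sample context. "wow" mirrors the rule shown on this page;
# the other entries are invented for the example.
SAMPLE_CONTEXT = {"AzureNSG": {"Rule": [
    {"name": "wow", "access": "Allow", "direction": "Inbound", "priority": 3323,
     "sourceAddressPrefix": "8.8.8.8", "sourceAddressPrefixes": [],
     "destinationPortRange": "*", "destinationPortRanges": []},
    {"name": "open-rdp", "access": "Allow", "direction": "Inbound", "priority": 200,
     "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
     "destinationPortRanges": ["3389", "8000-8100"]},
    {"name": "any-any", "access": "Allow", "direction": "Inbound", "priority": 150,
     "sourceAddressPrefix": "Internet", "sourceAddressPrefixes": [],
     "destinationPortRange": "*", "destinationPortRanges": []},
    {"name": "deny-ssh", "access": "Deny", "direction": "Inbound", "priority": 300,
     "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "egress", "access": "Allow", "direction": "Outbound", "priority": 400,
     "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]}}


def as_list(context):
    """AzureNSG.Rule is an object for one rule and a list for several."""
    rules = context["AzureNSG"]["Rule"]
    return rules if isinstance(rules, list) else [rules]


def merged(rule, single, plural):
    """Return one list whether the rule carries the singular or the plural field."""
    values = list(rule.get(plural) or [])
    if rule.get(single):
        values.append(rule[single])
    return values


def ports_cover(specs, port):
    """True if any spec ('*', '80', '1024-65535', '80,1024-65535') includes port."""
    for spec in specs:
        for part in str(spec).split(","):
            part = part.strip()
            if part == "*":
                return True
            low, _, high = part.partition("-")
            try:
                if int(low) <= port <= int(high or low):
                    return True
            except ValueError:
                continue  # not a port spec; skip it rather than abort the review
    return False


def audit_rules(context):
    """List inbound Allow rules from any source that reach a watched port.

    Results are ordered by priority, lowest number (evaluated first) on top.
    """
    findings = []
    for rule in sorted(as_list(context), key=lambda r: r["priority"]):
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        sources = merged(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not any(str(s).lower() in ANY_SOURCES for s in sources):
            continue
        dest_ports = merged(rule, "destinationPortRange", "destinationPortRanges")
        exposed = sorted(p for p in WATCHED_PORTS if ports_cover(dest_ports, p))
        if exposed:
            findings.append({"name": rule["name"],
                             "priority": rule["priority"],
                             "ports": exposed})
    return findings


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_CONTEXT):
        print(finding)
```
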

azure-nsg-auth-test#


Tests the connectivity to the Azure Network Security Groups.

Base Command#

azure-nsg-auth-test

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!azure-nsg-auth-test

Human Readable Output#

✅ Success!

azure-nsg-security-rules-delete#


Delete a security rule.

Base Command#

azure-nsg-security-rule-delete

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| security_group_name | The name of the security group. | Required |
| security_rule_name | The name of the rule to be deleted. | Required |
| subscription_id | The subscription ID. Note: This argument will override the instance parameter 'Default Subscription ID'. | Optional |
| resource_group_name | The resource group name. Note: This argument will override the instance parameter 'Default Resource Group Name'. | Optional |

Context Output#

There is no context output for this command.

Command Example#

!azure-nsg-security-rules-delete security_group_name=alerts-nsg security_rule_name=wow

Human Readable Output#

Rule wow deleted.

azure-nsg-security-rules-create#


Create a security rule.

Base Command#

azure-nsg-security-rule-create

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| security_group_name | The name of the security group. | Required |
| security_rule_name | The name of the rule to be created. | Required |
| direction | The direction of the rule. Possible values are: Inbound, Outbound. | Required |
| action | Whether to allow the traffic. Possible values are: Allow, Deny. | Optional |
| protocol | The protocol on which to apply the rule. Possible values are: Any, TCP, UDP, ICMP. | Optional |
| source | The source IP address range from which incoming traffic will be allowed or denied by this rule. Possible values are "Any", an IP address range, an application security group, or a default tag. Default is "Any". | Optional |
| priority | The priority by which the rules will be processed. The lower the number, the higher the priority. We recommend leaving gaps between rules - 100, 200, 300, etc. - so that it is easier to add new rules without having to edit existing rules. Default is "4096". | Optional |
| source_ports | The source ports from which traffic will be allowed or denied by this rule. Provide a single port, such as 80; a port range, such as 1024-65535; or a comma-separated list of single ports and/or port ranges, such as 80,1024-65535. Use an asterisk (*) to allow traffic on any port. Default is "*". | Optional |
| destination | The specific destination IP address range for outgoing traffic that will be allowed or denied by this rule. The destination filter can be "Any", an IP address range, an application security group, or a default tag. | Optional |
| destination_ports | The destination ports for which traffic will be allowed or denied by this rule. Provide a single port, such as 80; a port range, such as 1024-65535; or a comma-separated list of single ports and/or port ranges, such as 80,1024-65535. Use an asterisk (*) to allow traffic on any port. | Optional |
| description | A description to add to the rule. | Optional |
| subscription_id | The subscription ID. Note: This argument will override the instance parameter 'Default Subscription ID'. | Optional |
| resource_group_name | The resource group name. Note: This argument will override the instance parameter 'Default Resource Group Name'. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| AzureNSG.Rule.name | String | The rule's name. |
| AzureNSG.Rule.id | String | The rule's ID. |
| AzureNSG.Rule.etag | String | The rule's ETag. |
| AzureNSG.Rule.type | String | The rule's type. |
| AzureNSG.Rule.provisioningState | String | The rule's provisioning state. |
| AzureNSG.Rule.protocol | String | The protocol. Can be "TCP", "UDP", "ICMP", or "*". |
| AzureNSG.Rule.sourcePortRange | String | For a single port, the source port or a range of ports. Note that for multiple ports, `sourcePortRanges` will appear instead. |
| AzureNSG.Rule.sourcePortRanges | String | For multiple ports, a list of these ports. Note that for single ports, `sourcePortRange` will appear instead. |
| AzureNSG.Rule.destinationPortRange | String | For a single port, the destination port or range of ports. Note that for multiple ports, `destinationPortRanges` will appear instead. |
| AzureNSG.Rule.destinationPortRanges | String | For multiple ports, a list of destination ports. Note that for single ports, `destinationPortRange` will appear instead. |
| AzureNSG.Rule.sourceAddressPrefix | String | The source address. |
| AzureNSG.Rule.destinationAddressPrefix | String | The destination address. |
| AzureNSG.Rule.access | String | The rule's access. Can be "Allow" or "Deny". |
| AzureNSG.Rule.priority | Number | The rule's priority. Can be from 100 to 4096. |
| AzureNSG.Rule.direction | String | The rule's direction. Can be "Inbound" or "Outbound". |

Command Example#

!azure-nsg-security-rules-create direction=Inbound security_group_name=alerts-nsg security_rule_name=rulerule source=1.1.1.1

Context Example#

{
    "AzureNSG": {
        "Rule": {
            "access": "Allow",
            "destinationAddressPrefix": "*",
            "destinationAddressPrefixes": [],
            "destinationPortRange": "*",
            "destinationPortRanges": [],
            "direction": "Inbound",
            "etag": "W/\"276dc93a-488d-47a1-8971-19a1171242a9\"",
            "id": "/subscriptions/123456789/resourceGroups/cloud-shell-storage-eastus/providers/Microsoft.Network/networkSecurityGroups/alerts-nsg/securityRules/rulerule",
            "name": "rulerule",
            "priority": 4096,
            "protocol": "*",
            "provisioningState": "Updating",
            "sourceAddressPrefix": "1.1.1.1",
            "sourceAddressPrefixes": [],
            "sourcePortRange": "*",
            "sourcePortRanges": [],
            "type": "Microsoft.Network/networkSecurityGroups/securityRules"
        }
    }
}

Human Readable Output#

Rules rulerule#

| access | destinationAddressPrefix | destinationPortRange | direction | etag | id | name | priority | protocol | provisioningState | sourceAddressPrefix | sourcePortRange | type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Allow | * | * | Inbound | W/"276dc93a-488d-47a1-8971-19a1171242a9" | /subscriptions/123456789/resourceGroups/cloud-shell-storage-eastus/providers/Microsoft.Network/networkSecurityGroups/alerts-nsg/securityRules/rulerule | rulerule | 4096 | * | Updating | 1.1.1.1 | * | Microsoft.Network/networkSecurityGroups/securityRules |

azure-nsg-security-rules-update#


Update a security rule. If one does not exist, it will be created.

Base Command#

azure-nsg-security-rule-update

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| security_group_name | The name of the security group. | Required |
| security_rule_name | The name of the rule to be updated. | Required |
| direction | The direction of the rule. Possible values are: Inbound, Outbound. | Optional |
| action | Whether to allow the traffic. Possible values are: Allow, Deny. | Optional |
| protocol | The protocol on which to apply the rule. Possible values are: Any, TCP, UDP, ICMP. | Optional |
| source | The source IP address range from which incoming traffic will be allowed or denied by this rule. Possible values are "Any", an IP address range, an application security group, or a default tag. Default is "Any". | Optional |
| priority | The priority by which the rules will be processed. The lower the number, the higher the priority. We recommend leaving gaps between rules - 100, 200, 300, etc. - so that it is easier to add new rules without having to edit existing rules. Default is "4096". | Optional |
| source_ports | The source ports from which traffic will be allowed or denied by this rule. Provide a single port, such as 80; a port range, such as 1024-65535; or a comma-separated list of single ports and/or port ranges, such as 80,1024-65535. Use an asterisk (*) to allow traffic on any port. Default is "*". | Optional |
| destination | The specific destination IP address range for outgoing traffic that will be allowed or denied by this rule. The destination filter can be "Any", an IP address range, an application security group, or a default tag. | Optional |
| destination_ports | The destination ports for which traffic will be allowed or denied by this rule. Provide a single port, such as 80; a port range, such as 1024-65535; or a comma-separated list of single ports and/or port ranges, such as 80,1024-65535. Use an asterisk (*) to allow traffic on any port. | Optional |
| description | A description to add to the rule. | Optional |
| subscription_id | The subscription ID. Note: This argument will override the instance parameter 'Default Subscription ID'. | Optional |
| resource_group_name | The resource group name. Note: This argument will override the instance parameter 'Default Resource Group Name'. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| AzureNSG.Rule.name | String | The rule's name. |
| AzureNSG.Rule.id | String | The rule's ID. |
| AzureNSG.Rule.etag | String | The rule's ETag. |
| AzureNSG.Rule.type | String | The rule's type. |
| AzureNSG.Rule.provisioningState | String | The rule's provisioning state. |
| AzureNSG.Rule.protocol | String | The protocol. Can be "TCP", "UDP", "ICMP", "*". |
| AzureNSG.Rule.sourcePortRange | String | For a single port, the source port or a range of ports. Note that for multiple ports, `sourcePortRanges` will appear instead. |
| AzureNSG.Rule.sourcePortRanges | String | For multiple ports, a list of these ports. Note that for single ports, `sourcePortRange` will appear instead. |
| AzureNSG.Rule.destinationPortRange | String | For a single port, the destination port or range of ports. Note that for multiple ports, `destinationPortRanges` will appear instead. |
| AzureNSG.Rule.destinationPortRanges | String | For multiple ports, a list of destination ports. Note that for single ports, `destinationPortRange` will appear instead. |
| AzureNSG.Rule.sourceAddressPrefix | String | The source address. |
| AzureNSG.Rule.destinationAddressPrefix | String | The destination address. |
| AzureNSG.Rule.access | String | The rule's access. Can be "Allow" or "Deny". |
| AzureNSG.Rule.priority | Number | The rule's priority. Can be from 100 to 4096. |
| AzureNSG.Rule.direction | String | The rule's direction. Can be "Inbound" or "Outbound". |

Command Example#

!azure-nsg-security-rules-update security_group_name=alerts-nsg security_rule_name=XSOAR_Rule action=Allow description=description

Context Example#

{
    "AzureNSG": {
        "Rule": {
            "access": "Allow",
            "description": "description",
            "destinationAddressPrefix": "11.0.0.0/8",
            "destinationAddressPrefixes": [],
            "destinationPortRange": "8080",
            "destinationPortRanges": [],
            "direction": "Outbound",
            "etag": "W/\"9fad6036-4c3a-4d60-aac9-18281dba3305\"",
            "id": "/subscriptions/123456789/resourceGroups/cloud-shell-storage-eastus/providers/Microsoft.Network/networkSecurityGroups/alerts-nsg/securityRules/XSOAR_Rule",
            "name": "XSOAR_Rule",
            "priority": 100,
            "protocol": "*",
            "provisioningState": "Succeeded",
            "sourceAddressPrefix": "10.0.0.0/8",
            "sourceAddressPrefixes": [],
            "sourcePortRange": "*",
            "sourcePortRanges": [],
            "type": "Microsoft.Network/networkSecurityGroups/securityRules"
        }
    }
}

Human Readable Output#

Rules XSOAR_Rule#

| access | description | destinationAddressPrefix | destinationPortRange | direction | etag | id | name | priority | protocol | provisioningState | sourceAddressPrefix | sourcePortRange | type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Allow | description | 11.0.0.0/8 | 8080 | Outbound | W/"9fad6036-4c3a-4d60-aac9-18281dba3305" | /subscriptions/123456789/resourceGroups/cloud-shell-storage-eastus/providers/Microsoft.Network/networkSecurityGroups/alerts-nsg/securityRules/XSOAR_Rule | XSOAR_Rule | 100 | * | Succeeded | 10.0.0.0/8 | * | Microsoft.Network/networkSecurityGroups/securityRules |

azure-nsg-security-rules-get#


Get a specific rule.

Base Command#

azure-nsg-security-rule-get

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| security_group_name | The name of the security group. | Optional |
| security_rule_name | A comma-separated list of the names of the rules to get. | Optional |
| subscription_id | The subscription ID. Note: This argument will override the instance parameter 'Default Subscription ID'. | Optional |
| resource_group_name | The name of the resource group. Note: This argument will override the instance parameter 'Default Resource Group Name'. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| AzureNSG.Rule.name | String | The rule's name. |
| AzureNSG.Rule.id | String | The rule's ID. |
| AzureNSG.Rule.etag | String | The rule's ETag. |
| AzureNSG.Rule.type | String | The rule's type. |
| AzureNSG.Rule.provisioningState | String | The rule's provisioning state. |
| AzureNSG.Rule.protocol | String | The protocol. Can be "TCP", "UDP", "ICMP", "*". |
| AzureNSG.Rule.sourcePortRange | String | For a single port, the source port or a range of ports. Note that for multiple ports, `sourcePortRanges` will appear instead. |
| AzureNSG.Rule.sourcePortRanges | String | For multiple ports, a list of these ports. Note that for single ports, `sourcePortRange` will appear instead. |
| AzureNSG.Rule.destinationPortRange | String | For a single port, the destination port or range of ports. Note that for multiple ports, `destinationPortRanges` will appear instead. |
| AzureNSG.Rule.destinationPortRanges | String | For multiple ports, a list of destination ports. Note that for single ports, `destinationPortRange` will appear instead. |
| AzureNSG.Rule.sourceAddressPrefix | String | The source address. |
| AzureNSG.Rule.destinationAddressPrefix | String | The destination address. |
| AzureNSG.Rule.access | String | The rule's access. Can be "Allow" or "Deny". |
| AzureNSG.Rule.priority | Number | The rule's priority. Can be from 100 to 4096. |
| AzureNSG.Rule.direction | String | The rule's direction. Can be "Inbound" or "Outbound". |

Command Example#

!azure-nsg-security-rules-get security_group_name=alerts-nsg security_rule_name=wow

Context Example#

{
    "AzureNSG": {
        "Rule": {
            "access": "Allow",
            "destinationAddressPrefix": "1.1.1.1",
            "destinationAddressPrefixes": [],
            "destinationPortRange": "*",
            "destinationPortRanges": [],
            "direction": "Inbound",
            "etag": "W/\"fdba51cf-46b3-44af-8da5-16666aa578cc\"",
            "id": "/subscriptions/123456789/resourceGroups/cloud-shell-storage-eastus/providers/Microsoft.Network/networkSecurityGroups/alerts-nsg/securityRules/wow",
            "name": "wow",
            "priority": 3323,
            "protocol": "*",
            "provisioningState": "Succeeded",
            "sourceAddressPrefix": "8.8.8.8",
            "sourceAddressPrefixes": [],
            "sourcePortRanges": [
                "1",
                "2",
                "3"
            ],
            "type": "Microsoft.Network/networkSecurityGroups/securityRules"
        }
    }
}

Human Readable Output#

Rules wow#

| access | destinationAddressPrefix | destinationPortRange | direction | etag | id | name | priority | protocol | provisioningState | sourceAddressPrefix | sourcePortRanges | type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Allow | 1.1.1.1 | * | Inbound | W/"fdba51cf-46b3-44af-8da5-16666aa578cc" | /subscriptions/123456789/resourceGroups/cloud-shell-storage-eastus/providers/Microsoft.Network/networkSecurityGroups/alerts-nsg/securityRules/wow | wow | 3323 | * | Succeeded | 8.8.8.8 | 1, 2, 3 | Microsoft.Network/networkSecurityGroups/securityRules |

azure-nsg-auth-start#


Run this command to start the authorization process and follow the instructions in the command results.

Base Command#

azure-nsg-auth-start

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!azure-nsg-auth-start

Human Readable Output#

To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code CODECODE to authenticate. Run the !azure-nsg-auth-complete command in the War Room.

azure-nsg-auth-complete#


Run this command to complete the authorization process. Should be used after running the azure-nsg-auth-start command.

Base Command#

azure-nsg-auth-complete

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!azure-nsg-auth-complete

Human Readable Output#

✅ Authorization completed successfully.

azure-nsg-auth-reset#


Run this command if for some reason you need to rerun the authentication process.

Base Command#

azure-nsg-auth-reset

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!azure-nsg-auth-reset

Human Readable Output#

Authorization was reset successfully. You can now run !azure-nsg-auth-start and !azure-nsg-auth-complete.

azure-nsg-security-rule-delete#


Delete a security rule.

Base Command#

azure-nsg-security-rule-delete

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| security_group_name | The name of the security group. | Required |
| security_rule_name | The name of the rule to be deleted. | Required |

Context Output#

There is no context output for this command.

azure-nsg-security-rule-create#


Create a security rule.

Base Command#

azure-nsg-security-rule-create

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| security_group_name | The name of the security group. | Required |
| security_rule_name | The name of the rule to be created. | Required |
| direction | The direction of the rule. Possible values are: Inbound, Outbound. | Required |
| action | Whether to allow the traffic. Possible values are: Allow, Deny. | Optional |
| protocol | The protocol on which to apply the rule. Possible values are: Any, TCP, UDP, ICMP. | Optional |
| source | The source IP address range from which incoming traffic will be allowed or denied by this rule. Possible values are "Any", an IP address range, an application security group, or a default tag. | Optional |
| priority | The priority by which the rules will be processed. The lower the number, the higher the priority. We recommend leaving gaps between rules - 100, 200, 300, etc. - so that it is easier to add new rules without having to edit existing rules. | Optional |
| source_ports | The source ports from which traffic will be allowed or denied by this rule. Provide a single port, such as 80; a port range, such as 1024-65535; or a comma-separated list of single ports and/or port ranges, such as 80,1024-65535. Use an asterisk (*) to allow traffic on any port. | Optional |
| destination | The specific destination IP address range for outgoing traffic that will be allowed or denied by this rule. The destination filter can be "Any", an IP address range, an application security group, or a default tag. | Optional |
| destination_ports | The destination ports for which traffic will be allowed or denied by this rule. Provide a single port, such as 80; a port range, such as 1024-65535; or a comma-separated list of single ports and/or port ranges, such as 80,1024-65535. Use an asterisk (*) to allow traffic on any port. | Optional |
| description | A description to add to the rule. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| AzureNSG.Rule.name | String | The rule's name. |
| AzureNSG.Rule.id | String | The rule's ID. |
| AzureNSG.Rule.etag | String | The rule's ETag. |
| AzureNSG.Rule.type | String | The rule's type. |
| AzureNSG.Rule.provisioningState | String | The rule's provisioning state. |
| AzureNSG.Rule.protocol | String | The protocol. Can be "TCP", "UDP", "ICMP", or "*". |
| AzureNSG.Rule.sourcePortRange | String | For a single port, the source port or a range of ports. Note that for multiple ports, `sourcePortRanges` will appear instead. |
| AzureNSG.Rule.sourcePortRanges | String | For multiple ports, a list of these ports. Note that for single ports, `sourcePortRange` will appear instead. |
| AzureNSG.Rule.destinationPortRange | String | For a single port, the destination port or range of ports. Note that for multiple ports, `destinationPortRanges` will appear instead. |
| AzureNSG.Rule.destinationPortRanges | String | For multiple ports, a list of destination ports. Note that for single ports, `destinationPortRange` will appear instead. |
| AzureNSG.Rule.sourceAddressPrefix | String | The source address. |
| AzureNSG.Rule.destinationAddressPrefix | String | The destination address. |
| AzureNSG.Rule.access | String | The rule's access. Can be "Allow" or "Deny". |
| AzureNSG.Rule.priority | Number | The rule's priority. Can be from 100 to 4096. |
| AzureNSG.Rule.direction | String | The rule's direction. Can be "Inbound" or "Outbound". |

azure-nsg-security-rule-update#


Update a security rule. If one does not exist, it will be created.

Base Command#

azure-nsg-security-rule-update

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| security_group_name | The name of the security group. | Required |
| security_rule_name | The name of the rule to be updated. | Required |
| direction | The direction of the rule. Possible values are: Inbound, Outbound. | Optional |
| action | Whether to allow the traffic. Possible values are: Allow, Deny. | Optional |
| protocol | The protocol on which to apply the rule. Possible values are: Any, TCP, UDP, ICMP. | Optional |
| source | The source IP address range from which incoming traffic will be allowed or denied by this rule. Possible values are "Any", an IP address range, an application security group, or a default tag. | Optional |
| priority | The priority by which the rules will be processed. The lower the number, the higher the priority. We recommend leaving gaps between rules - 100, 200, 300, etc. - so that it is easier to add new rules without having to edit existing rules. | Optional |
| source_ports | The source ports from which traffic will be allowed or denied by this rule. Provide a single port, such as 80; a port range, such as 1024-65535; or a comma-separated list of single ports and/or port ranges, such as 80,1024-65535. Use an asterisk (*) to allow traffic on any port. | Optional |
| destination | The specific destination IP address range for outgoing traffic that will be allowed or denied by this rule. The destination filter can be "Any", an IP address range, an application security group, or a default tag. | Optional |
| destination_ports | The destination ports for which traffic will be allowed or denied by this rule. Provide a single port, such as 80; a port range, such as 1024-65535; or a comma-separated list of single ports and/or port ranges, such as 80,1024-65535. Use an asterisk (*) to allow traffic on any port. | Optional |
| description | A description to add to the rule. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| AzureNSG.Rule.name | String | The rule's name. |
| AzureNSG.Rule.id | String | The rule's ID. |
| AzureNSG.Rule.etag | String | The rule's ETag. |
| AzureNSG.Rule.type | String | The rule's type. |
| AzureNSG.Rule.provisioningState | String | The rule's provisioning state. |
| AzureNSG.Rule.protocol | String | The protocol. Can be "TCP", "UDP", "ICMP", "*". |
| AzureNSG.Rule.sourcePortRange | String | For a single port, the source port or a range of ports. Note that for multiple ports, `sourcePortRanges` will appear instead. |
| AzureNSG.Rule.sourcePortRanges | String | For multiple ports, a list of these ports. Note that for single ports, `sourcePortRange` will appear instead. |
| AzureNSG.Rule.destinationPortRange | String | For a single port, the destination port or range of ports. Note that for multiple ports, `destinationPortRanges` will appear instead. |
| AzureNSG.Rule.destinationPortRanges | String | For multiple ports, a list of destination ports. Note that for single ports, `destinationPortRange` will appear instead. |
| AzureNSG.Rule.sourceAddressPrefix | String | The source address. |
| AzureNSG.Rule.destinationAddressPrefix | String | The destination address. |
| AzureNSG.Rule.access | String | The rule's access. Can be "Allow" or "Deny". |
| AzureNSG.Rule.priority | Number | The rule's priority. Can be from 100 to 4096. |
| AzureNSG.Rule.direction | String | The rule's direction. Can be "Inbound" or "Outbound". |

azure-nsg-security-rule-get#


Get a specific rule.

Base Command#

azure-nsg-security-rule-get

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| security_group_name | The name of the security group. | Optional |
| security_rule_name | A comma-separated list of the names of the rules to get. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| AzureNSG.Rule.name | String | The rule's name. |
| AzureNSG.Rule.id | String | The rule's ID. |
| AzureNSG.Rule.etag | String | The rule's ETag. |
| AzureNSG.Rule.type | String | The rule's type. |
| AzureNSG.Rule.provisioningState | String | The rule's provisioning state. |
| AzureNSG.Rule.protocol | String | The protocol. Can be "TCP", "UDP", "ICMP", "*". |
| AzureNSG.Rule.sourcePortRange | String | For a single port, the source port or a range of ports. Note that for multiple ports, `sourcePortRanges` will appear instead. |
| AzureNSG.Rule.sourcePortRanges | String | For multiple ports, a list of these ports. Note that for single ports, `sourcePortRange` will appear instead. |
| AzureNSG.Rule.destinationPortRange | String | For a single port, the destination port or range of ports. Note that for multiple ports, `destinationPortRanges` will appear instead. |
| AzureNSG.Rule.destinationPortRanges | String | For multiple ports, a list of destination ports. Note that for single ports, `destinationPortRange` will appear instead. |
| AzureNSG.Rule.sourceAddressPrefix | String | The source address. |
| AzureNSG.Rule.destinationAddressPrefix | String | The destination address. |
| AzureNSG.Rule.access | String | The rule's access. Can be "Allow" or "Deny". |
| AzureNSG.Rule.priority | Number | The rule's priority. Can be from 100 to 4096. |
| AzureNSG.Rule.direction | String | The rule's direction. Can be "Inbound" or "Outbound". |
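
The following is an added example, not part of the integration or its documentation: a Python helper that audits `AzureNSG.Rule` context entries for management ports that end up allowed inbound from any source. It reads whichever of `destinationPortRange` / `destinationPortRanges` is present and evaluates rules lowest priority number first. The `ANY_SOURCE` values, the sensitive-port list, the function names and the sample rules are assumptions made for illustration, and protocol matching is left out.

```python
ANY_SOURCE = {"*", "Any", "Internet", "0.0.0.0/0"}  # assumption: values treated as "any source"

def parse_ports(spec):
    """Turn '80', '1024-65535', '80,1024-65535', '*' or a list of those into (low, high) tuples."""
    items = spec if isinstance(spec, list) else str(spec).split(",")
    ranges = []
    for item in (i.strip() for i in items):
        if item == "*":
            ranges.append((0, 65535))
        elif "-" in item:
            low, high = item.split("-", 1)
            ranges.append((int(low), int(high)))
        elif item:
            ranges.append((int(item), int(item)))
    return ranges

def rule_ports(rule, side):
    """Read <side>PortRanges if present, else <side>PortRange (only one of the two appears)."""
    return parse_ports(rule.get(f"{side}PortRanges") or rule.get(f"{side}PortRange") or [])

def exposed_ports(rules, sensitive=(22, 3389)):
    """Return {port: rule name} where the first matching any-source inbound rule is Allow."""
    inbound = sorted(
        (r for r in rules if r.get("direction") == "Inbound"
         and r.get("sourceAddressPrefix") in ANY_SOURCE),
        key=lambda r: r["priority"])  # lower number is evaluated first
    findings = {}
    for port in sensitive:
        for rule in inbound:
            if any(lo <= port <= hi for lo, hi in rule_ports(rule, "destination")):
                if rule.get("access") == "Allow":
                    findings[port] = rule["name"]
                break  # first match decides; later rules are shadowed
    return findings

# Constructed sample shaped like AzureNSG.Rule context entries (not real output).
SAMPLE_RULES = [
    {"name": "allow-mgmt", "priority": 300, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRanges": ["22", "3380-3390"]},
    {"name": "deny-ssh", "priority": 200, "direction": "Inbound", "access": "Deny",
     "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "allow-web", "priority": 100, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "443"},
    {"name": "allow-out", "priority": 100, "direction": "Outbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

if __name__ == "__main__":
    print(exposed_ports(SAMPLE_RULES))
```

In the sample, port 22 is not reported because `deny-ssh` (priority 200) matches before `allow-mgmt` (priority 300), while port 3389 is reported because no earlier rule covers it.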

azure-nsg-generate-login-url#


Generates the login URL used for the Authorization Code flow.

Base Command#

azure-nsg-generate-login-url

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

azure-nsg-generate-login-url

Human Readable Output#

Authorization instructions#

  1. Click on the login URL to sign in and grant Cortex XSOAR permissions for your Azure Service Management. You will be automatically redirected to a link with the following structure: REDIRECT_URI?code=AUTH_CODE&session_state=SESSION_STATE
  2. Copy the AUTH_CODE (without the code= prefix and without the session_state parameter) and paste it in your instance configuration under the Authorization code parameter.

azure-nsg-subscriptions-list#


Gets all subscriptions for a tenant.

Base Command#

azure-nsg-subscriptions-list

Input#

There are no input arguments for this command.

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| AzureNSG.Subscription.id | String | The unique identifier of the Azure Network Security Groups subscription. |
| AzureNSG.Subscription.authorizationSource | String | The source of authorization for the Azure Network Security Groups subscription. |
| AzureNSG.Subscription.managedByTenants | Unknown | The tenants that have access to manage the Azure Network Security Groups subscription. |
| AzureNSG.Subscription.subscriptionId | String | The ID of the Azure Network Security Groups subscription. |
| AzureNSG.Subscription.tenantId | String | The ID of the tenant associated with the Azure Network Security Groups subscription. |
| AzureNSG.Subscription.displayName | String | The display name of the Azure Network Security Groups subscription. |
| AzureNSG.Subscription.state | String | The current state of the Azure Network Security Groups subscription. |
| AzureNSG.Subscription.subscriptionPolicies.locationPlacementId | String | The ID of the location placement policy for the Azure Network Security Groups subscription. |
| AzureNSG.Subscription.subscriptionPolicies.quotaId | String | The ID of the quota policy for the Azure Network Security Groups subscription. |
| AzureNSG.Subscription.subscriptionPolicies.spendingLimit | String | The spending limit policy for the Azure Network Security Groups subscription. |
| AzureNSG.Subscription.count.type | String | The type of the Azure Network Security Groups subscription count. |
| AzureNSG.Subscription.count.value | Number | The value of the Azure Network Security Groups subscription count. |

Command example#

!azure-nsg-subscriptions-list

Context Example#

```json
{
    "AzureNSG": {
        "Subscription": [
            {
                "authorizationSource": "RoleBased",
                "displayName": "Access to Azure Active Directory",
                "id": "/subscriptions/057b1785-fd",
                "managedByTenants": [],
                "state": "Enabled",
                "subscriptionId": "057b1785-fd7b-4ca",
                "subscriptionPolicies": {
                    "locationPlacementId": "Public_2014-09-01",
                    "quotaId": "AAD_2015-09-01",
                    "spendingLimit": "On"
                },
                "tenantId": "ebac1a16-81bf-4"
            },
            {
                "authorizationSource": "RoleBased",
                "displayName": "Pay-As-You-Go",
                "id": "/subscriptions/0f907ea4",
                "managedByTenants": [],
                "state": "Enabled",
                "subscriptionId": "0f907ea4-bc",
                "subscriptionPolicies": {
                    "locationPlacementId": "Public_2014-09-01",
                    "quotaId": "PayAsYouGo_2014-09-01",
                    "spendingLimit": "Off"
                },
                "tenantId": "ebac1a16-81bf-"
            }
        ]
    }
}
```

Human Readable Output#

Azure Network Security Groups Subscriptions list#

| subscriptionId | tenantId | displayName | state |
| --- | --- | --- | --- |
| 057b1785-fd7b-4 | ebac1a16-81bf-449 | Access to Azure Active Directory | Enabled |
| 0f907ea4-bc8b-4 | ebac1a16-81bf-449 | Pay-As-You-Go | Enabled |

azure-nsg-resource-group-list#


Gets all resource groups for a subscription.

Base Command#

azure-nsg-resource-group-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| subscription_id | The subscription ID. Note: This argument will override the instance parameter 'Default Subscription ID'. | Optional |
| limit | Limit on the number of resource groups to return. Default is 50. | Optional |
| tag | A single tag in the form of '{"Tag Name":"Tag Value"}' to filter the list by. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| AzureNSG.ResourceGroup.id | String | The unique identifier of the Azure Network Security Groups resource group. |
| AzureNSG.ResourceGroup.name | String | The name of the Azure Network Security Groups resource group. |
| AzureNSG.ResourceGroup.type | String | The type of the Azure Network Security Groups resource group. |
| AzureNSG.ResourceGroup.location | String | The location of the Azure Network Security Groups resource group. |
| AzureNSG.ResourceGroup.properties.provisioningState | String | The provisioning state of the Azure Network Security Groups resource group. |
| AzureNSG.ResourceGroup.tags.Owner | String | The owner tag of the Azure Network Security Groups resource group. |
| AzureNSG.ResourceGroup.tags | Unknown | The tags associated with the Azure Network Security Groups resource group. |
| AzureNSG.ResourceGroup.tags.Name | String | The name tag of the Azure Network Security Groups resource group. |
| AzureNSG.ResourceGroup.managedBy | String | The entity that manages the Azure Network Security Groups resource group. |
| AzureNSG.ResourceGroup.tags.aNSG-managed-cluster-name | String | The ANSG managed cluster name tag associated with the Azure Network Security Groups resource group. |
| AzureNSG.ResourceGroup.tags.aNSG-managed-cluster-rg | String | The ANSG managed cluster resource group tag associated with the Azure Network Security Groups resource group. |
| AzureNSG.ResourceGroup.tags.type | String | The type tag associated with the Azure Network Security Groups resource group. |

Command example#

!azure-nsg-resource-group-list

Context Example#

```json
{
    "AzureNSG": {
        "ResourceGroup": [
            {
                "id": "/subscriptions/0f907ea4-bc8b-4c11-9d7/resourceGroups/cloud-shell-storage-eastus",
                "location": "eastus",
                "name": "cloud-shell-storage-eastus",
                "properties": {
                    "provisioningState": "Succeeded"
                },
                "type": "Microsoft.Resources/resourceGroups"
            },
            {
                "id": "/subscriptions/0f907ea4-bc8b-4c11-9d7/resourceGroups/demi",
                "location": "centralus",
                "name": "demi",
                "properties": {
                    "provisioningState": "Succeeded"
                },
                "tags": {
                    "Owner": "Demi"
                },
                "type": "Microsoft.Resources/resourceGroups"
            }
        ]
    }
}
```

Human Readable Output#

Resource Groups List#

| Name | Location | Tags |
| --- | --- | --- |
| cloud-shell-storage-eastus | eastus | |
| demi | centralus | Owner: Demi |