Remove deprecated references for plain text auth in Azure wodle
nico-stefani committed Feb 20, 2024
1 parent 807e25e commit 2b22126
Showing 2 changed files with 4 additions and 178 deletions.
Expand Up @@ -35,14 +35,8 @@ Getting access credentials for Storage
:align: center
:width: 100%


Authentication options
----------------------

There are two different ways to set up the Azure authentication:

Using an authentication file
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
----------------------------

It is possible to store the credentials in a file for authentication as long as the file content follows the `field = value` format explained below.

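Review bot: The retained sentence "It is possible to store the credentials in a file" still reads as one option among several, although the "Authentication options" heading and the "two different ways" intro above it are gone. Reword it to state that credentials are provided through an authentication file in the ``field = value`` format, so the page no longer implies an alternative.
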
Expand Down Expand Up @@ -113,70 +107,4 @@ Regardless of the service or activity to be monitored, the authentication file i
Check the :doc:`azure-logs wodle </user-manual/reference/ossec-conf/wodle-azure-logs>` section from the ossec.conf reference page for more information about the ``<auth_path>`` and other available parameters.


Inserting the credentials into the configuration
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. deprecated:: 4.4.0

Another authentication option is to set up credentials by storing them directly into the Wazuh configuration file ``/var/ossec/etc/ossec.conf``, inside of the ``<graph>``, ``<log_analytics>`` and ``<storage>`` blocks on the module configuration.

The tags to use are different depending on the type of service or activity to be monitored:

.. rubric:: Microsoft Graph and Log Analytics
:class: h5

.. code-block:: none
:emphasize-lines: 6, 7, 18, 19
<wodle name="azure-logs">
<disabled>no</disabled>
<run_on_start>yes</run_on_start>
<log_analytics>
<application_id>8b7...c14</application_id>
<application_key>w22...91x</application_key>
<tenantdomain>wazuh.onmicrosoft.com</tenantdomain>
<request>
<query>AzureActivity</query>
<workspace>d6b...efa</workspace>
<time_offset>1d</time_offset>
</request>
</log_analytics>
<graph>
<application_id>8b7...c14</application_id>
<application_key>w22...91x</application_key>
<tenantdomain>wazuh.onmicrosoft.com</tenantdomain>
<request>
<query>auditLogs/directoryAudits</query>
<time_offset>1d</time_offset>
</request>
</graph>
</wodle>
.. rubric:: Storage
:class: h5

.. code-block:: none
:emphasize-lines: 6, 7
<wodle name="azure-logs">
<disabled>no</disabled>
<run_on_start>yes</run_on_start>
<storage>
<account_name>exampleaccountname</account_name>
<account_key>w22...91x</account_key>
<container name="insights-operational-logs">
<blobs>.json</blobs>
<content_type>json_inline</content_type>
<time_offset>24h</time_offset>
</container>
</storage>
</wodle>
Take a look at the :doc:`azure-logs wodle </user-manual/reference/ossec-conf/wodle-azure-logs>` entry from the ``ossec.conf`` reference page for more information about the parameters.
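
Review bot: Readers who still have ``<application_id>``/``<application_key>`` or ``<account_name>``/``<account_key>`` inside ``/var/ossec/etc/ossec.conf`` lose every mention of those tags once the "Inserting the credentials into the configuration" section is dropped, and nothing tells them to move to ``<auth_path>``. The section was only marked ``.. deprecated:: 4.4.0``; consider leaving a short note after the ``<auth_path>`` paragraph saying that inline credentials are no longer documented and that existing configurations should move the values into the authentication file.
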
108 changes: 3 additions & 105 deletions source/user-manual/reference/ossec-conf/wodle-azure-logs.rst
Expand Up @@ -29,8 +29,6 @@ Options
- `time`_
- `timeout`_
- `log_analytics`_
- `log_analytics\\application_id`_
- `log_analytics\\application_key`_
- `log_analytics\\auth_path`_
- `log_analytics\\tenantdomain`_
- `log_analytics\\request`_
Expand All @@ -39,17 +37,13 @@ Options
- `log_analytics\\request\\workspace`_
- `log_analytics\\request\\timeout`_
- `log_analytics\\request\\time_offset`_
- `graph\\application_id`_
- `graph\\application_key`_
- `graph\\auth_path`_
- `graph\\tenantdomain`_
- `graph\\request`_
- `graph\\request\\tag`_
- `graph\\request\\query`_
- `graph\\request\\timeout`_
- `graph\\request\\time_offset`_
- `storage\\account_name`_
- `storage\\account_key`_
- `storage\\auth_path`_
- `storage\\tag`_
- `storage\\container`_
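
Review bot: In this index the ``graph\\...`` and ``storage\\...`` entries follow ``log_analytics\\request\\time_offset`` directly, with no ``graph`` or ``storage`` parent entry, while ``log_analytics`` is listed as a parent in the hunk above and the options table has rows for all three blocks. Since these lines are being edited anyway, add the two parent entries so the list matches the table.
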
Expand All @@ -76,10 +70,6 @@ Options
+----------------------------------------+----------------------------------------------+
| `log_analytics`_ | N/A |
+----------------------------------------+----------------------------------------------+
| `log_analytics\\application_id`_ | Any string |
+----------------------------------------+----------------------------------------------+
| `log_analytics\\application_key`_ | Any string |
+----------------------------------------+----------------------------------------------+
| `log_analytics\\auth_path`_ | File path |
+----------------------------------------+----------------------------------------------+
| `log_analytics\\tenantdomain`_ | Any string |
Expand All @@ -98,10 +88,6 @@ Options
+----------------------------------------+----------------------------------------------+
| `graph`_ | N/A |
+----------------------------------------+----------------------------------------------+
| `graph\\application_id`_ | Any string |
+----------------------------------------+----------------------------------------------+
| `graph\\application_key`_ | Any string |
+----------------------------------------+----------------------------------------------+
| `graph\\auth_path`_ | File path |
+----------------------------------------+----------------------------------------------+
| `graph\\tenantdomain`_ | Any string |
Expand All @@ -118,10 +104,6 @@ Options
+----------------------------------------+----------------------------------------------+
| `storage`_ | N/A |
+----------------------------------------+----------------------------------------------+
| `storage\\account_name`_ | Any string |
+----------------------------------------+----------------------------------------------+
| `storage\\account_key`_ | Any string |
+----------------------------------------+----------------------------------------------+
| `storage\\auth_path`_ | File path |
+----------------------------------------+----------------------------------------------+
| `storage\\tag`_ | Any string |
Expand Down Expand Up @@ -248,52 +230,24 @@ Defines the use of the Azure Log Analytics REST API to get the desired logs.

This block configures the integration with Azure Log Analytics REST API.

- `log_analytics\\application_id`_
- `log_analytics\\application_key`_
- `log_analytics\\auth_path`_
- `log_analytics\\tenantdomain`_
- `log_analytics\\request`_

+----------------------------------------+----------------------------------------------+
| Options | Allowed values |
+========================================+==============================================+
| `log_analytics\\application_id`_ | Any string |
+----------------------------------------+----------------------------------------------+
| `log_analytics\\application_key`_ | Any string |
+----------------------------------------+----------------------------------------------+
| `log_analytics\\auth_path`_ | File path |
+----------------------------------------+----------------------------------------------+
| `log_analytics\\tenantdomain`_ | Any string |
+----------------------------------------+----------------------------------------------+
| `log_analytics\\request`_ | N/A |
+----------------------------------------+----------------------------------------------+

log_analytics\\application_id
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Identifier of the application that we will use for the authentication and to be able to use the Azure Log Analytics API. It must be used next to the ``application_key`` option obligatorily. Incompatible with ``auth_path`` option.

+--------------------+--------------------+
| **Default value** | N/A |
+--------------------+--------------------+
| **Allowed values** | Any string |
+--------------------+--------------------+

log_analytics\\application_key
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Key to the application we will use for authentication and to be able to use the Azure Log Analytics API. It must be used next to the ``application_id`` option obligatorily. Incompatible with ``auth_path`` option.

+--------------------+--------------------+
| **Default value** | N/A |
+--------------------+--------------------+
| **Allowed values** | Any string |
+--------------------+--------------------+

log_analytics\\auth_path
^^^^^^^^^^^^^^^^^^^^^^^^

Path of the file that contains the application identifier and the application key for authentication in order to use the Azure Log Analytics API. Incompatible with ``application_id`` and ``application_key`` options.
Path of the file that contains the application identifier and the application key for authentication in order to use the Azure Log Analytics API.

+--------------------+--------------------+
| **Default value** | N/A |
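
Review bot: The new ``log_analytics\\auth_path`` description does not say whether the option is now mandatory. With ``application_id`` and ``application_key`` removed from this block it is the only documented way to supply credentials, yet the table under it still shows a default of N/A and there is no "required" wording. State explicitly that ``auth_path`` must be set.
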
Expand Down Expand Up @@ -440,52 +394,24 @@ graph

This block configures the integration with Azure Active Directory Graph REST API.

- `graph\\application_id`_
- `graph\\application_key`_
- `graph\\auth_path`_
- `graph\\tenantdomain`_
- `graph\\request`_

+----------------------------------+----------------------------------------------+
| Options | Allowed values |
+==================================+==============================================+
| `graph\\application_id`_ | Any string |
+----------------------------------+----------------------------------------------+
| `graph\\application_key`_ | Any string |
+----------------------------------+----------------------------------------------+
| `graph\\auth_path`_ | File path |
+----------------------------------+----------------------------------------------+
| `graph\\tenantdomain`_ | Any string |
+----------------------------------+----------------------------------------------+
| `graph\\request`_ | N/A |
+----------------------------------+----------------------------------------------+

graph\\application_id
^^^^^^^^^^^^^^^^^^^^^

Identifier of the application that we will use for the authentication and to be able to use the Azure Active Directory Graph API. It must be used next to the ``application_key`` option obligatorily. Incompatible with ``auth_path`` option.

+--------------------+--------------------+
| **Default value** | N/A |
+--------------------+--------------------+
| **Allowed values** | Any string |
+--------------------+--------------------+

graph\\application_key
^^^^^^^^^^^^^^^^^^^^^^

Key to the application we will use for authentication and to be able to use the Azure Active Directory Graph API. It must be used next to the ``application_id`` option obligatorily. Incompatible with ``auth_path`` option.

+--------------------+--------------------+
| **Default value** | N/A |
+--------------------+--------------------+
| **Allowed values** | Any string |
+--------------------+--------------------+

graph\\auth_path
^^^^^^^^^^^^^^^^

Path of the file that contains the application identifier and the application key for authentication in order to use the Azure Active Directory Graph API. Incompatible with the ``application_id`` and ``application_key`` options. Check the :doc:`credentials </cloud-security/azure/activity-services/prerequisites/credentials>` reference for more information about this topic.
Path of the file that contains the application identifier and the application key for authentication in order to use the AAD Graph API.

+--------------------+--------------------+
| **Default value** | N/A |
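
Review bot: The replacement ``graph\\auth_path`` line drops the ``:doc:`` link to the credentials page that the old text carried, and shortens the API name to "AAD Graph API" although the block intro a few lines up says "Azure Active Directory Graph REST API". Keep the cross-reference the old text used for further information, and use the full product name for consistency.
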
Expand Down Expand Up @@ -603,52 +529,24 @@ storage

This block configures the integration with Azure Storage.

- `storage\\account_name`_
- `storage\\account_key`_
- `storage\\auth_path`_
- `storage\\tag`_
- `storage\\container`_

+----------------------------------+----------------------------------------------+
| Options | Allowed values |
+==================================+==============================================+
| `storage\\account_name`_ | Any string |
+----------------------------------+----------------------------------------------+
| `storage\\account_key`_ | Any string |
+----------------------------------+----------------------------------------------+
| `storage\\auth_path`_ | File path |
+----------------------------------+----------------------------------------------+
| `storage\\tag`_ | Any string |
+----------------------------------+----------------------------------------------+
| `storage\\container`_ | N/A |
+----------------------------------+----------------------------------------------+

storage\\account_name
^^^^^^^^^^^^^^^^^^^^^

Identifier of the account name that we will use for the authentication- It must be used next to the ``account_key`` option obligatorily. Incompatible with ``auth_path`` option.

+--------------------+--------------------+
| **Default value** | N/A |
+--------------------+--------------------+
| **Allowed values** | Any string |
+--------------------+--------------------+

storage\\account_key
^^^^^^^^^^^^^^^^^^^^

Identifier of the account key that we will use for the authentication- It must be used next to the ``account_name`` option obligatorily. Incompatible with ``auth_path`` option.

+--------------------+--------------------+
| **Default value** | N/A |
+--------------------+--------------------+
| **Allowed values** | Any string |
+--------------------+--------------------+

storage\\auth_path
^^^^^^^^^^^^^^^^^^

Path of the file that contains the account name and the account key for authentication. Incompatible with ``account_name`` and ``account_key`` options.
Path of the file that contains the account name and the account key for authentication.

+--------------------+--------------------+
| **Default value** | N/A |
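
Review bot: ``storage\\auth_path`` now says the file holds "the account name and the account key", but with the ``storage\\account_name`` and ``storage\\account_key`` sections removed the reference page no longer tells the reader what that file must look like. Add a pointer to the credentials page, as the old ``graph\\auth_path`` text did, so the expected file format is easy to find.
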