|
…
|
||
|---|---|---|
| .. | ||
| AzureFunctionUpdateCloudIPs | ||
| azuredeploy.json | ||
| readme.md | ||
readme.md
Update Cloud IPs Watchlist Function
Author: Nicholas DiCola
UpdateCloudIPs Azure Function is designed to run every Sunday at 00:00. The function will create a Watchlist for each cloud provider (Azure, AWS, GCP) and add all of their IP Ranges to the watchlist. If the watchlist exists, it will compare the current watchlist with the current downloaded ranges. After compare it will add/remove new/old ranges and update expiration date if the range is the same.
Following are the configuration steps to deploy Function App.
Pre-requisites
Configuration Steps to Deploy Function App
- Click on Deploy to Azure (For both Commercial & Azure GOV)
- Select the preferred Subscription, Resource Group and Location
Post Deployment Steps
- Go to the resource group with the Azure Function.
- Click the Azure Function.
- Click Identity blade under Settings.
- Click Azure Role Assignments.
- Click Add Role Assignment.
- Set Scope to Resource Group, Select the Subscription and resource group that contains the Azure Sentinel workspace. Set role to Azure Sentinel Contributor.
- Add another role assignment this time giving the identity Reader permissions at the subscription level.