slsec/OneClickServerlessSecurity

Enable - Disable serverless security

This script enables and disables the Serverless Security Agent.

Please note: All function apps will restart when the agent is enabled or disabled. If any errors or interruptions occur, the script can be retried, and Function Apps may restart on each attempt. Make sure to enter the correct subscription ID and secure key.

  1. Open Cloud Shell with PowerShell, paste the following command and press Enter to download the script:
curl -LO "https://raw.githubusercontent.com/vikenparikh/OneClickServerlessSecurity/main/SSAOnboard.ps1" -LO "https://raw.githubusercontent.com/vikenparikh/OneClickServerlessSecurity/main/Policy.json"

  2. Execute the script in Cloud Shell. Paste the following command and press Enter:
./SSAOnboard.ps1

  3. Copy the SubscriptionId for the subscription you want to change and insert it when prompted by the script.

  4. Enter 0 to disable or 1 to enable the Defender for Serverless Security.

  5. (Only for enabling the Defender for Serverless Security) Enter the provided subscription's specific configuration key.

  6. Wait until the deployment completes successfully.

  7. Run the following command to delete the downloaded scripts, unless you wish to run them again in the future:
rm ./Policy.json; rm ./SSAOnboard.ps1

Effects on Resources and Subscriptions

Running the onboarding script will have the following effects on your resources:

  1. Register the resource provider 'Microsoft.PolicyInsights'
  2. Add the application setting 'AZURE_FUNCTIONS_SECURITY_AGENT_ENABLED' to each Azure Function in your subscription
  3. Assign a custom policy and associated remediation task, described below.

Running the disable command in this repository will remove the application setting from all Azure Functions, along with the remediation task, policy assignment and policy definition.

Policy Overview

The Azure Policy Definition in this repository will be uploaded to your subscription and assigned to the subscription scope. Additionally, a remediation task will be created for all current resources. This policy takes several actions to onboard your Functions to the Azure Functions Security Agent. First, it creates the resource group 'mdc-slsec-rg' to house resources related to the functioning of the agent. These resources include:

  1. A Log Analytics Workspace for each region you have a FunctionApp deployed in. This LA Workspace contains events to process from your Function, as well as debug logs
  2. A Data Collection Endpoint per region, which defines where these logs go
  3. A Data Collection Rule which defines log transformations
  4. A User Assigned Identity with permissions to write to the LA Workspace. This identity is added to each of your Function Apps
  5. A resource lock on the Identity to prevent accidental deletion.

Please do not modify or delete any of the resources in the mdc-slsec-rg, as this will stop the security agent from working. If you wish to disable the agent or delete the resources, please run the offboarding command described above.
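
To confirm the effects and policy-created resources listed above after the deployment completes, a read-only check can be run from the same Cloud Shell session. This is an added example, not part of this repository's scripts; the function name `Test-ServerlessSecurityOnboarding` is hypothetical, `<subscription-id>` is a placeholder, and it assumes the Az PowerShell modules that Cloud Shell provides. Only the presence of the app setting is checked, since its expected value is not stated here.

```powershell
# Added example (not the repository's code): read-only verification of the onboarding state.
function Test-ServerlessSecurityOnboarding {
    param(
        [Parameter(Mandatory)] [string] $SubscriptionId,          # placeholder: your subscription ID
        [string] $AgentResourceGroup = 'mdc-slsec-rg',            # resource group named in this README
        [string] $SettingName = 'AZURE_FUNCTIONS_SECURITY_AGENT_ENABLED'
    )
    Set-AzContext -Subscription $SubscriptionId | Out-Null

    # Effect 1: the Microsoft.PolicyInsights resource provider should be registered.
    $states = Get-AzResourceProvider -ProviderNamespace 'Microsoft.PolicyInsights' |
        Select-Object -ExpandProperty RegistrationState -Unique

    # Effect 2: every Function App should carry the agent application setting.
    $apps = @(Get-AzResource -ResourceType 'Microsoft.Web/sites' |
        Where-Object { $_.Kind -like '*functionapp*' })
    $missing = foreach ($app in $apps) {
        $settings = Get-AzFunctionAppSetting -Name $app.Name -ResourceGroupName $app.ResourceGroupName
        if (-not $settings -or -not $settings.ContainsKey($SettingName)) {
            "$($app.ResourceGroupName)/$($app.Name)"
        }
    }

    # Policy overview: the agent resource group, its resources, and the lock on the identity.
    $rg = Get-AzResourceGroup -Name $AgentResourceGroup -ErrorAction SilentlyContinue
    $resources = @(); $locks = @()
    if ($rg) {
        $resources = @(Get-AzResource -ResourceGroupName $AgentResourceGroup)
        # Without -AtScope this also returns locks on resources inside the group.
        $locks = @(Get-AzResourceLock -ResourceGroupName $AgentResourceGroup)
    }

    [pscustomobject]@{
        PolicyInsightsState     = $states -join ','
        FunctionAppCount        = $apps.Count
        AppsMissingSetting      = @($missing)
        AgentResourceGroupFound = [bool]$rg
        AgentResourceTypes      = @($resources | Group-Object ResourceType |
                                      ForEach-Object { "$($_.Name) x$($_.Count)" })
        ResourceLocks           = @($locks | ForEach-Object { $_.Name })
    }
}

Test-ServerlessSecurityOnboarding -SubscriptionId '<subscription-id>' | Format-List
```

After running the disable option, the same check should report the setting missing on every Function App.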
