Install a Modular Sensor in Azure

Depending on your Microsoft Azure subscription, installing and using the Modular Sensor in Azure may incur additional costs. After you install the sensor, you need to apply a token to associate it with your CylanceMDR tenant.
  1. Log in to your Azure portal at https://portal.azure.com/.
  2. On the Dashboard screen, click Azure Active Directory.
  3. Click Properties.
  4. Copy the Tenant ID field.
  5. Copy and paste the following URL into your browser address bar and replace <tenant_id> with the Tenant ID that you copied.
    https://login.microsoftonline.com/<tenant_id>/oauth2/authorize?client_id=58238038-43b4-4446-8260-0fa97ace1085&response_type=code&redirect_uri=https%3A%2F%2Fwww.microsoft.com%2F
  6. In the Permissions requested dialog, select Consent on behalf of your organization.
  7. Click Accept.
  8. Click Enterprise Applications.
  9. On the Enterprise applications | All applications screen, search for Stellar.
    A list of applications appears. If you don't see a list of applications, contact CylanceMDR support.
  10. If necessary, create a new resource group. If you want to use an existing resource group, proceed to the next step.
    1. Click Resource Groups.
    2. Click Add.
    3. In the Subscription field, choose your subscription.
    4. In the Resource group field, enter a name for your group.
    5. In the Region field, choose the region where you want to deploy the resource.
    6. Click Review + create.
    7. Click Create.
  11. On the Resource Groups screen, click the name of the resource group where you want to deploy the sensor.
  12. Click Access control (IAM).
  13. Click Add role assignments.
  14. Click the Privileged administrator roles tab.
  15. Select the Contributor option.
  16. In the Assign access to drop-down list, keep the default selection of User, group, or service principal.
  17. In the Select field, type Stellar.
  18. Choose Stellar Cyber Software Packages.
  19. Click Save.
  20. In the left pane, click Home. The Azure services screen appears.
  21. On the Azure services screen, click Subscriptions.
  22. Click the subscription that you want to use.
    Depending on your Azure subscription, you may incur additional costs.
  23. Click Resource providers.
  24. Click Microsoft.Network.
  25. Click Register.
  26. Click Microsoft.Compute.
  27. Click Register.
  28. On the top right of the screen, click the Cloud Shell icon.
  29. Enter the following commands to retrieve an access token (each command should be one line):
    az account clear
    az login --service-principal -u '58238038-43b4-4446-8260-0fa97ace1085' -p '3238Q~KMtVAIyuC6gDVMhboKEW7w6W~bXYQhFcZx' --tenant '2f580e30-1cc1-4c08-9e80-704999508e1a'
    az account get-access-token
  30. Enter the following commands to retrieve an access token using the Tenant ID that you copied earlier (each command should be one line):
    az login --service-principal -u '58238038-43b4-4446-8260-0fa97ace1085' -p '3238Q~KMtVAIyuC6gDVMhboKEW7w6W~bXYQhFcZx' --tenant '<Tenant ID>'
    az account get-access-token
  31. Use the following one-line command to output a list of Azure subscriptions:
    az account list --output table
  32. Make sure that the subscription that you want to deploy the sensor to is the default (i.e. IsDefault=True). Use the following one-line command to set it:
    az account set --subscription <subscription>
  33. Enter the following one-line command to create a Modular Sensor VM. Replace <resource-group> with an existing resource group in your deployment and <version> with the version of software you want to install (for example, 5.2.0).
    az vm create --size Standard_B12ms --resource-group <resource-group> --name StellarModularSensor --image "/subscriptions/0e28f851-f477-4f2d-94bc-35c00d3d5fd8/resourceGroups/Stellar/providers/Microsoft.Compute/galleries/StellarCyberSoftwares/images/Stellar-ModularSensor/versions/<version>" --admin-username azureuser --admin-password P@ssw0rd#2022 --os-disk-size-gb 128
    Note that you can specify the virtual network and subnet by including the --vnet-name <vnet-name> and --subnet <subnet-name> parameters. The networks must exist in the same resource group as the VM.
  34. Do the following to set a static IP address for the Modular Sensor and apply the token to associate it with CylanceMDR:
    1. Open the VM for your Modular Sensor. A command line appears.
    2. Enter your login information. The default username/password is aella/changeme. You are prompted to change the password immediately.
    3. Set a static IP address for the modular sensor using the following commands:
      • set interface management ip <ip_address>
      • set interface management gateway <gateway_ip_address>
      • set interface management dns <dns_ip_address>
    4. Enter set token string <token>, where <token> is the token provided by the CylanceMDR onboarding team.
      The message "Sensor token is successfully set" appears.
The CylanceMDR onboarding team completes the configuration for your CylanceMDR tenant to receive logs from your Modular Sensor.