diff --git a/README.md b/README.md
index 93a4db1..ce49abe 100644
--- a/README.md
+++ b/README.md
@@ -1,65 +1,37 @@
![CrowdStrike Falcon](https://raw.githubusercontent.com/CrowdStrike/falconpy/main/docs/asset/cs-logo.png)
-# Falcon CSPM Registration with Azure Bicep
+# Falcon Cloud Security Registration with Azure Bicep
-The Azure Bicep templates provided in this repository allow for an easy and seamless integration of Azure environments into CrowdStrike Falcon Cloud Security.
+The Azure Bicep templates in this repository allow for an easy and seamless integration of Azure environments into CrowdStrike Falcon Cloud Security.
## Deployment using Azure CLI
-### Create Application Registration (Optional)
+### Register an Azure management group
-The command below creates a new app registration in Entra ID, including the required Microsoft Graph API permissions. This command needs to be executed by a user having the following Entra ID roles:
-- ***Application Developer***, ***Cloud Application Administrator*** or ***Application Administrator*** - to create the app registration in Microsoft Entra ID
-- ***Privileged Role Administrator*** or ***Global Administrator*** - to provide administrative consent to the requested Microsoft Graph API permissions.
-
-> [!NOTE]
-> Use the optional *grantAdminConsent* parameter to disable granting administrative consent to the requested Microsoft Graph API permissions automatically.
-
-#### Deployment command
-
-```sh
-az deployment sub create --name 'cs-cspm-appregistration' --location westeurope \
- --template-file modules/iom/azureAppRegistration.bicep \
- --only-show-errors
-```
-
-#### Parameters
-
-- You can generate a parameter file: [generate-params](https://learn.microsoft.com/fr-fr/azure/azure-resource-manager/bicep/bicep-cli#generate-params)
-- Deploy the bicep file using the parameters file: [deploy bicep file with parameters file](https://learn.microsoft.com/fr-fr/azure/azure-resource-manager/bicep/parameter-files?tabs=Bicep#deploy-bicep-file-with-parameters-file)
-- Or pass the parameters as arguments: [inline-parameters](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deploy-cli#inline-parameters)
-
-| Parameter name | Required | Description |
-|-------------------|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| applicationName | no | Name of the App registration in Entra ID. Defaults to **CrowdStrikeCSPM-${uniqueString}**, e.g. **CrowdStrikeCSPM-2452hzjqllbqm** |
-| publicCertificate | no | Base64-encoded string of the public certificate raw data. Default is **empty**. This certificate is used to connect from the Falcon platform to Azure. |
-| grantAdminConsent | no | Provide admin consent to Microsoft Graph API permissions automatically. Defaults to **true**. Requires ***Privileged Role Administrator*** or ***Global Administrator*** permissions in Entra ID. |
-
-### Registration of an Azure management group
-The command below registers an Azure management group, including all Azure subscriptions, into CrowdStrike Falcon Cloud Security by performing the following actions:
+The command below registers an Azure management group, including all Azure subscriptions, into Falcon Cloud Security by performing the following actions:
- Creates an app registration in Microsoft Entra ID, including Microsoft Graph API permissions and administrative consent
-- Assigns the following Azure RBAC permissions to the created app registration on the Azure management group
- - *Reader*
- - *Security Reader*
- - *Key Vault Reader*
- - *Azure Kubernetes Service RBAC Reader*
- - *Website Contributor*
-- Assigns the *cs-website-reader* custom role on the Subscription with the following actions
- - *Microsoft.Web/sites/Read*
- - *Microsoft.Web/sites/config/Read*
- - *Microsoft.Web/sites/config/list/Action*
-- Creates and Azure Policy definition and management group assignment to create Azure subscription diagnostic settings
+- Assigns the following Azure RBAC permissions to the created app registration on the Azure management group:
+ - Reader
+ - Security Reader
+ - Key Vault Reader
+ - Azure Kubernetes Service RBAC Reader
+ - Website Contributor
+- Assigns the **cs-website-reader** custom role on the subscription with the following actions:
+ - Microsoft.Web/sites/Read
+ - Microsoft.Web/sites/config/Read
+ - Microsoft.Web/sites/config/list/Action
+- Creates an Azure policy definition and management group assignment to create Azure subscription diagnostic settings
- Creates Microsoft Entra ID diagnostic setting
- Deploys infrastructure for Indicator of Attack (IOA) assessment
-- Integrates the Subscription into the CrowdStrike Falcon Cloud Security for Indicator of Misconfiguration (IOM) and Indicator of Attack (IOA) assessment
+- Integrates the subscription into Falcon Cloud Security for Indicator of Misconfiguration (IOM) and Indicator of Attack (IOA) assessment
> [!IMPORTANT]
> Registration only supports the Azure root management group (Tenant root group).
#### Prerequisite
-Ensure you have a CrowdStrike API client ID and client secret for FCS. If you don't, you can set them up on Falcon:
+Ensure you have a CrowdStrike API client ID and client secret for Falcon Cloud Security. If you don't, you can set them up in the Falcon console:
- [US-1](https://falcon.crowdstrike.com/api-clients-and-keys/)
- [US-2](https://falcon.us-2.crowdstrike.com/api-clients-and-keys/)
@@ -67,87 +39,86 @@ Ensure you have a CrowdStrike API client ID and client secret for FCS. If you do
#### Required permissions
-- ***Application Developer***, ***Cloud Application Administrator*** or ***Application Administrator*** role in Microsoft Entra ID - to create the app registration in Microsoft Entra ID
-- ***Privileged Role Administrator*** or ***Global Administrator*** role in Microsoft Entra ID - to provide administrative consent to the requested Microsoft Graph API permissions.
-
-> [!NOTE]
-> Use the optional *grantAdminConsent* parameter to disable granting administrative consent to the requested Microsoft Graph API permissions automatically.
+- **Application Developer**, **Cloud Application Administrator**, or **Application Administrator** role in Microsoft Entra ID to create the app registration in Microsoft Entra ID
+- **Privileged Role Administrator** or **Global Administrator** role in Microsoft Entra ID to provide administrative consent to the requested Microsoft Graph API permissions.
+
+ > [!NOTE]
+ > Use the optional `grantAdminConsent` parameter to disable granting administrative consent to the requested Microsoft Graph API permissions automatically.
-- ***Owner*** role for the Azure management group to be integrated into CrowdStrike Falcon Cloud Security
-- ***Owner*** role for the Azure subscription to be used for deployment of the infrastructure for Indicator of Attack (IOA) assessment
+- **Owner** role for the Azure management group to be integrated into Falcon Cloud Security
+- **Owner** role for the Azure subscription to be used for deployment of the infrastructure for Indicator of Attack (IOA) assessment
#### Deployment command
```sh
-az deployment mg create --name 'cs-cspm-managementgroup-deployment' --location westeurope \
+az deployment mg create --name 'cs-fcs-managementgroup-deployment' --location westeurope \
--management-group-id $(az account show --query tenantId -o tsv) \
- --template-file cs-cspm-deployment-managementGroup.bicep \
+ --template-file cs-fcs-deployment-managementGroup.bicep \
--only-show-errors
```
#### Remediate Azure Policy Assignment
-To enable indicators of attack (IOAs) for all the already existing subscriptions, you need to remediate the `cs-ioa-assignment` Azure Policy Assignment manually.
-
-Navigate to **Management Groups** and select the tenant root group.
-
-Navigate to **Governance** > **Policy** and select **Authoring** > **Assignments**.
+To enable indicators of attack (IOAs) for all the already existing subscriptions, you must remediate the **cs-ioa-assignment** Azure policy assignment manually.
-Click the `cs-ioa-assignment` assignment and then remediate the assignment by [creating a remediation task from a non-compliant policy assignment](https://learn.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources?tabs=azure-portal#option-2-create-a-remediation-task-from-a-non-compliant-policy-assignment
-)
-
-Click **Validate** below to return to the cloud accounts page. Please allow about two hours for the data to be available.
+1. In the Azure portal, navigate to **Management Groups** and select the tenant root group.
+2. Go to **Governance** > **Policy** and select **Authoring** > **Assignments**.
+3. Click the **cs-ioa-assignment** assignment and then remediate the assignment by [creating a remediation task from a non-compliant policy assignment](https://learn.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources?tabs=azure-portal#option-2-create-a-remediation-task-from-a-non-compliant-policy-assignment).
+4. Click **Validate** to return to the cloud accounts page. Allow about two hours for the data to be available.
#### Parameters
-- You can generate a parameter file: [generate-params](https://learn.microsoft.com/fr-fr/azure/azure-resource-manager/bicep/bicep-cli#generate-params)
-- Deploy the bicep file using the parameters file: [deploy bicep file with parameters file](https://learn.microsoft.com/fr-fr/azure/azure-resource-manager/bicep/parameter-files?tabs=Bicep#deploy-bicep-file-with-parameters-file)
-- Or pass the parameters as arguments: [inline-parameters](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deploy-cli#inline-parameters)
-
-| Parameter name | Required | Description |
-|---------------------------------------|----------|--------------------------------------------------------------------------------------------------------------------------------|
-| defaultSubscriptionId | yes | Subscription Id of the default Azure Subscription. |
-| falconCID | yes | CID for the Falcon API. |
-| falconClientId | yes | Client ID for the Falcon API. |
-| falconClientSecret | yes | Client secret for the Falcon API. |
-| falconCloudRegion | no | Falcon cloud region. Defaults to ***US-1***. Allowed values are US-1, US-2 or EU-1. |
-| useExistingAppRegistration | no | Use an existing Application Registration. Defaults to ***false***. |
-| grantAppRegistrationAdminConsent | no | Grant admin consent for Application Registration. Defaults to ***true***. |
-| azureClientId | no | Application Id of an existing Application Registration in Entra ID. Only used with parameter *useExistingAppRegistration*. |
-| azureClientSecret | no | Application Secret of an existing Application Registration in Entra ID. Only used with parameter *useExistingAppRegistration*. |
-| azurePrincipalId | no | Principal Id of the Application Registration in Entra ID. Only used with parameter *useExistingAppRegistration*. |
-| azureAccountType | no | Type of the Azure account to integrate. |
-| location | no | Location for the resources deployed in this solution. |
-| tags | no | Tags to be applied to all resources. |
-| deployIOM | no | Deploy Indicator of Misconfiguration (IOM) integration. Defaults to ***true***. |
-| assignAzureSubscriptionPermissions | no | Assign required permissions on Azure Default Subscription automatically. Defaults to ***false***. |
-| assignAzureManagementGroupPermissions | no | Assign required permissions Azure Management Group automatically. Defaults to ***true***. |
-| deployIOA | no | Deploy Indicator of Attack (IOA) integration. Defaults to ***true***. |
-| enableAppInsights | no | Enable Application Insights for additional logging of Function Apps. Defaults to ***false***. |
-| deployActivityLogDiagnosticSettings | no | Deploy Activity Log Diagnostic Settings. Defaults to ***true***. |
-| deployEntraLogDiagnosticSettings | no | Deploy Entra Log Diagnostic Settings. Defaults to ***true***. |
-
-### Registration of a single Azure Subscription
-The command below registers a single Azure Subscription into CrowdStrike Falcon Cloud Security by performing the following actions:
+You can use any of these methods to pass parameters:
+
+- Generate a parameter file: [generate-params](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-cli#generate-params)
+- Deploy the Bicep file using the parameters file: [deploy bicep file with parameters file](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/parameter-files?tabs=Bicep#deploy-bicep-file-with-parameters-file)
+- Pass the parameters as arguments: [inline-parameters](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deploy-cli#inline-parameters)
+
+| Parameter name | Required | Description |
+|-----------------------------------------|----------|--------------------------------------------------------------------------------------------------------------------------------|
+| `defaultSubscriptionId` | yes | Subscription Id of the default Azure Subscription. |
+| `falconCID` | yes | CID for the Falcon API. |
+| `falconClientId` | yes | Client ID for the Falcon API. |
+| `falconClientSecret` | yes | Client secret for the Falcon API. |
+| `falconCloudRegion` | no | Falcon cloud region. Defaults to `US-1`. Allowed values are `US-1`, `US-2`, or `EU-1`. |
+| `useExistingAppRegistration` | no | Use an existing Application Registration. Defaults to `false`. |
+| `grantAppRegistrationAdminConsent` | no | Grant admin consent for Application Registration. Defaults to `true`. |
+| `azureClientId` | no | Application Id of an existing Application Registration in Entra ID. Only used with parameter `useExistingAppRegistration`. |
+| `azureClientSecret` | no | Application Secret of an existing Application Registration in Entra ID. Only used with parameter `useExistingAppRegistration`. |
+| `azurePrincipalId` | no | Principal Id of the Application Registration in Entra ID. Only used with parameter `useExistingAppRegistration`. |
+| `azureAccountType` | no | Type of the Azure account to integrate. |
+| `location` | no | Location for the resources deployed in this solution. |
+| `tags` | no | Tags to be applied to all resources. |
+| `deployIOM` | no | Deploy Indicator of Misconfiguration (IOM) integration. Defaults to `true`. |
+| `assignAzureSubscriptionPermissions` | no | Assign required permissions on Azure Default Subscription automatically. Defaults to `false`. |
+| `assignAzureManagementGroupPermissions` | no | Assign required permissions Azure Management Group automatically. Defaults to `true`. |
+| `deployIOA` | no | Deploy Indicator of Attack (IOA) integration. Defaults to `true`. |
+| `enableAppInsights` | no | Enable Application Insights for additional logging of Function Apps. Defaults to `false`. |
+| `deployActivityLogDiagnosticSettings` | no | Deploy Activity Log Diagnostic Settings. Defaults to `true`. |
+| `deployEntraLogDiagnosticSettings` | no | Deploy Entra Log Diagnostic Settings. Defaults to `true`. |
+
+### Register a single Azure Subscription
+
+The command below registers a single Azure Subscription into Falcon Cloud Security by performing the following actions:
- Creates an app registration in Microsoft Entra ID, including Microsoft Graph API permissions and administrative consent
- Creates Microsoft Azure activity log diagnostic setting
- Creates Microsoft Entra ID diagnostic setting
- Assigns the following Azure RBAC permissions on the Azure Subscription
- - *Reader*
- - *Security Reader*
- - *Key Vault Reader*
- - *Azure Kubernetes Service RBAC Reader*
-- Assigns the *cs-website-reader* custom role on the Subscription with the following actions
- - *Microsoft.Web/sites/Read*
- - *Microsoft.Web/sites/config/Read*
- - *Microsoft.Web/sites/config/list/Action*
+ - Reader
+ - Security Reader
+ - Key Vault Reader
+ - Azure Kubernetes Service RBAC Reader
+- Assigns the **cs-website-reader** custom role on the Subscription with the following actions
+ - Microsoft.Web/sites/Read
+ - Microsoft.Web/sites/config/Read
+ - Microsoft.Web/sites/config/list/Action
- Deploys infrastructure for Indicator of Attack (IOA) assessment
- Integrates the Subscription into the CrowdStrike Falcon Cloud Security for Indicator of Misconfiguration (IOM) and Indicator of Attack (IOA) assessment
#### Prerequisite
-Ensure you have a CrowdStrike API client ID and client secret for FCS. If you don't, you can set them up on Falcon:
+Ensure you have a CrowdStrike API client ID and client secret for Falcon Cloud Security. If you don't, you can set them up in the Falcon console:
- [US-1](https://falcon.crowdstrike.com/api-clients-and-keys/)
- [US-2](https://falcon.us-2.crowdstrike.com/api-clients-and-keys/)
@@ -155,19 +126,19 @@ Ensure you have a CrowdStrike API client ID and client secret for FCS. If you do
#### Required permissions
-- ***Application Developer***, ***Cloud Application Administrator*** or ***Application Administrator*** role in Microsoft Entra ID - to create the app registration in Microsoft Entra ID
-- ***Privileged Role Administrator*** or ***Global Administrator*** role in Microsoft Entra ID - to provide administrative consent to the requested Microsoft Graph API permissions.
+- **Application Developer**, **Cloud Application Administrator**, or **Application Administrator** role in Microsoft Entra ID to create the app registration in Microsoft Entra ID
+- **Privileged Role Administrator** or **Global Administrator** role in Microsoft Entra ID to provide administrative consent to the requested Microsoft Graph API permissions.
-> [!NOTE]
-> Use the optional *grantAdminConsent* parameter to disable granting administrative consent to the requested Microsoft Graph API permissions automatically.
+ > [!NOTE]
+ > Use the optional `grantAdminConsent` parameter to disable granting administrative consent to the requested Microsoft Graph API permissions automatically.
-- ***Owner*** role of the Azure subscription to be integrated into CrowdStrike Falcon Cloud Security
+- **Owner** role of the Azure subscription to be integrated into CrowdStrike Falcon Cloud Security
#### Deployment command
```sh
-az deployment sub create --name 'cs-cspm-subscription-deployment' --location westeurope \
- --template-file cs-cspm-deployment-subscription.bicep \
+az deployment sub create --name 'cs-fcs-subscription-deployment' --location westeurope \
+ --template-file cs-fcs-deployment-subscription.bicep \
--only-show-errors
```
@@ -176,31 +147,33 @@ az deployment sub create --name 'cs-cspm-subscription-deployment' --location wes
#### Parameters
-- You can generate a parameter file: [generate-params](https://learn.microsoft.com/fr-fr/azure/azure-resource-manager/bicep/bicep-cli#generate-params)
-- Deploy the bicep file using the parameters file: [deploy bicep file with parameters file](https://learn.microsoft.com/fr-fr/azure/azure-resource-manager/bicep/parameter-files?tabs=Bicep#deploy-bicep-file-with-parameters-file)
-- Or pass the parameters as arguments: [inline-parameters](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deploy-cli#inline-parameters)
-
-| Parameter name | Required | Description |
-|-------------------------------------|----------|--------------------------------------------------------------------------------------------------------------------------------|
-| defaultSubscriptionId | yes | Subscription Id of the default Azure Subscription. |
-| falconCID | yes | CID for the Falcon API. |
-| falconClientId | yes | Client ID for the Falcon API. |
-| falconClientSecret | yes | Client secret for the Falcon API. |
-| falconCloudRegion | no | Falcon cloud region. Defaults to ***US-1***. Allowed values are US-1, US-2 or EU-1. |
-| useExistingAppRegistration | no | Use an existing Application Registration. Defaults to ***false***. |
-| grantAppRegistrationAdminConsent | no | Grant admin consent for Application Registration. Defaults to ***true***. |
-| azureClientId | no | Application Id of an existing Application Registration in Entra ID. Only used with parameter *useExistingAppRegistration*. |
-| azureClientSecret | no | Application Secret of an existing Application Registration in Entra ID. Only used with parameter *useExistingAppRegistration*. |
-| azurePrincipalId | no | Principal Id of the Application Registration in Entra ID. Only used with parameter *useExistingAppRegistration*. |
-| azureAccountType | no | Type of the Azure account to integrate. |
-| location | no | Location for the resources deployed in this solution. |
-| tags | no | Tags to be applied to all resources. |
-| deployIOM | no | Deploy Indicator of Misconfiguration (IOM) integration. Defaults to ***true***. |
-| assignAzureSubscriptionPermissions | no | Assign required permissions on Azure Default Subscription automatically. Defaults to ***true***. |
-| deployIOA | no | Deploy Indicator of Attack (IOA) integration. Defaults to ***true***. |
-| enableAppInsights | no | Enable Application Insights for additional logging of Function Apps. Defaults to ***false***. |
-| deployActivityLogDiagnosticSettings | no | Deploy Activity Log Diagnostic Settings. Defaults to ***true***. |
-| deployEntraLogDiagnosticSettings | no | Deploy Entra Log Diagnostic Settings. Defaults to ***true***. |
+You can use any of these methods to pass parameters:
+
+- Generate a parameter file: [generate-params](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-cli#generate-params)
+- Deploy the Bicep file using the parameters file: [deploy bicep file with parameters file](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/parameter-files?tabs=Bicep#deploy-bicep-file-with-parameters-file)
+- Pass the parameters as arguments: [inline-parameters](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deploy-cli#inline-parameters)
+
+| Parameter name | Required | Description |
+|---------------------------------------|----------|--------------------------------------------------------------------------------------------------------------------------------|
+| `defaultSubscriptionId` | yes | Subscription Id of the default Azure Subscription. |
+| `falconCID` | yes | CID for the Falcon API. |
+| `falconClientId` | yes | Client ID for the Falcon API. |
+| `falconClientSecret` | yes | Client secret for the Falcon API. |
+| `falconCloudRegion` | no | Falcon cloud region. Defaults to `US-1`. Allowed values are `US-1`, `US-2`, or `EU-1`. |
+| `useExistingAppRegistration` | no | Use an existing Application Registration. Defaults to `false`. |
+| `grantAppRegistrationAdminConsent` | no | Grant admin consent for Application Registration. Defaults to `true`. |
+| `azureClientId` | no | Application Id of an existing Application Registration in Entra ID. Only used with parameter `useExistingAppRegistration`. |
+| `azureClientSecret` | no | Application Secret of an existing Application Registration in Entra ID. Only used with parameter `useExistingAppRegistration`. |
+| `azurePrincipalId` | no | Principal Id of the Application Registration in Entra ID. Only used with parameter `useExistingAppRegistration`. |
+| `azureAccountType` | no | Type of the Azure account to integrate. |
+| `location` | no | Location for the resources deployed in this solution. |
+| `tags` | no | Tags to be applied to all resources. |
+| `deployIOM` | no | Deploy Indicator of Misconfiguration (IOM) integration. Defaults to `true`. |
+| `assignAzureSubscriptionPermissions` | no | Assign required permissions on Azure Default Subscription automatically. Defaults to `true`. |
+| `deployIOA` | no | Deploy Indicator of Attack (IOA) integration. Defaults to `true`. |
+| `enableAppInsights` | no | Enable Application Insights for additional logging of Function Apps. Defaults to `false`. |
+| `deployActivityLogDiagnosticSettings` | no | Deploy Activity Log Diagnostic Settings. Defaults to `true`. |
+| `deployEntraLogDiagnosticSettings` | no | Deploy Entra Log Diagnostic Settings. Defaults to `true`. |
## Contributing
@@ -208,10 +181,10 @@ If you want to develop new content or improve on this collection, please open an
## Support
-This is a community-driven, open source project aimed to register Falcon CSPM with Azure using Bicep. While not an official CrowdStrike product, this repository is maintained by CrowdStrike and supported in collaboration with the open source developer community.
+This is a community-driven, open source project aimed to register Falcon Cloud Security with Azure using Bicep. While not an official CrowdStrike product, this repository is maintained by CrowdStrike and supported in collaboration with the open source developer community.
-For additional information, please refer to the [SUPPORT.md](https://github.com/CrowdStrike/azure-cspm-registration-bicep/main/SUPPORT.md) file.
+For additional information, please refer to the [SUPPORT.md](https://github.com/CrowdStrike/fcs-azure-bicep/main/SUPPORT.md) file.
## License Information
-See the [LICENSE](https://github.com/CrowdStrike/azure-cspm-registration-bicep/main/LICENSE) for more information.
+See the [LICENSE](https://github.com/CrowdStrike/fcs-azure-bicep/main/LICENSE) for more information.
diff --git a/SECURITY.md b/SECURITY.md
index cdd1b68..646a234 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -10,8 +10,8 @@ We have multiple avenues to receive security-related vulnerability reports.
Please report suspected security vulnerabilities by:
-+ Submitting a [bug](https://github.com/CrowdStrike/azure-cspm-registration-bicep/issues/new/)
-+ Submitting a [pull request](https://github.com/CrowdStrike/azure-cspm-registration-bicep/pulls) to potentially resolve the issue
++ Submitting a [bug](https://github.com/CrowdStrike/fcs-azure-bicep/issues/new/)
++ Submitting a [pull request](https://github.com/CrowdStrike/fcs-azure-bicep/pulls) to potentially resolve the issue
+ Sending an email to __oss-security@crowdstrike.com__
## Disclosure and mitigation process
@@ -30,7 +30,7 @@ process, involving the following steps:
## Comments
-If you have suggestions on how this process could be improved, please let us know by [summarizing your thoughts in an issue](https://github.com/CrowdStrike/azure-cspm-registration-bicep/issues/new/).
+If you have suggestions on how this process could be improved, please let us know by [summarizing your thoughts in an issue](https://github.com/CrowdStrike/fcs-azure-bicep/issues/new/).
diff --git a/SUPPORT.md b/SUPPORT.md
index 3dc7411..e6c5a39 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -2,11 +2,11 @@
# Support
-This is a community-driven, open source project designed to register Falcon CSPM with Azure using Bicep. While not a formal CrowdStrike product, This project is maintained by CrowdStrike and supported in partnership with the open source developer community.
+This is a community-driven, open source project designed to register Falcon Cloud Security with Azure using Bicep. While not a formal CrowdStrike product, This project is maintained by CrowdStrike and supported in partnership with the open source developer community.
## Issue Reporting and Questions
-Issues may be reported [here](https://github.com/CrowdStrike/azure-cspm-registration-bicep/issues/new/choose) and are used to track bugs, documentation and link updates, enhancement requests and security concerns.
+Issues may be reported [here](https://github.com/CrowdStrike/fcs-azure-bicep/issues/new/choose) and are used to track bugs, documentation and link updates, enhancement requests and security concerns.
## Support Escalation
diff --git a/cs-cspm-deployment-managementGroup.bicep b/cs-fcs-deployment-managementGroup.bicep
similarity index 94%
rename from cs-cspm-deployment-managementGroup.bicep
rename to cs-fcs-deployment-managementGroup.bicep
index bccfbc9..f3e3eca 100644
--- a/cs-cspm-deployment-managementGroup.bicep
+++ b/cs-fcs-deployment-managementGroup.bicep
@@ -1,14 +1,14 @@
targetScope = 'managementGroup'
/*
- This Bicep template deploys CrowdStrike CSPM integration for
+ This Bicep template deploys CrowdStrike Falcon Cloud Security integration for
Indicator of Misconfiguration (IOM) and Indicator of Attack (IOA) assessment.
Copyright (c) 2024 CrowdStrike, Inc.
*/
/* Parameters */
-@description('Targetscope of the CSPM integration.')
+@description('Targetscope of the Falcon Cloud Security integration.')
@allowed([
'ManagementGroup'
'Subscription'
@@ -19,7 +19,7 @@ param targetScope string = 'ManagementGroup'
param defaultSubscriptionId string
@description('The prefix to be added to the deployment name.')
-param deploymentNamePrefix string = 'cs-cspm'
+param deploymentNamePrefix string = 'cs-fcs'
@description('The suffix to be added to the deployment name.')
param deploymentNameSuffix string = utcNow()
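Review bot: The new default `'cs-fcs'` for `deploymentNamePrefix` renames every nested deployment built from it, such as `'${deploymentNamePrefix}-ioa-azureSubscription-${deploymentNameSuffix}'` later in this file, and the parameter description gives an operator no hint of that. On a tenant that was registered with the old templates, a re-run will presumably create deployment records under the new name rather than update the old ones, and any activity-log query or alert that filters on the `cs-cspm` prefix would stop matching. The same default change appears in cs-fcs-deployment-subscription.bicep and, as `'cs-fcs-ioa'`, in modules/cs-fcs-ioa-deployment.bicep. I would record the old value in the description, for example `@description('The prefix to be added to the deployment name. Was cs-cspm before the rename to Falcon Cloud Security.')`. The `cstag-purpose` tag removed in the next hunk deserves the same mention, since tag-based inventory or policy filters are affected in the same way.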
@@ -74,7 +74,6 @@ param location string = deployment().location
param tags object = {
'cstag-vendor': 'crowdstrike'
'cstag-product': 'fcs'
- 'cstag-purpose': 'cspm'
}
/* IOM-specific parameter */
@@ -131,7 +130,7 @@ module iomAzureManagementGroup 'modules/iom/azureManagementGroupRoleAssignment.b
}
}
-module ioaAzureSubscription 'modules/cs-cspm-ioa-deployment.bicep' = if (deployIOA && targetScope == 'ManagementGroup') {
+module ioaAzureSubscription 'modules/cs-fcs-ioa-deployment.bicep' = if (deployIOA && targetScope == 'ManagementGroup') {
name: '${deploymentNamePrefix}-ioa-azureSubscription-${deploymentNameSuffix}'
scope: subscription(defaultSubscriptionId) // DO NOT CHANGE
params:{
diff --git a/cs-cspm-deployment-subscription.bicep b/cs-fcs-deployment-subscription.bicep
similarity index 93%
rename from cs-cspm-deployment-subscription.bicep
rename to cs-fcs-deployment-subscription.bicep
index b6d4de7..680f355 100644
--- a/cs-cspm-deployment-subscription.bicep
+++ b/cs-fcs-deployment-subscription.bicep
@@ -1,14 +1,14 @@
targetScope = 'subscription'
/*
- This Bicep template deploys CrowdStrike CSPM integration for
+ This Bicep template deploys CrowdStrike Falcon Cloud Security integration for
Indicator of Misconfiguration (IOM) and Indicator of Attack (IOA) assessment.
Copyright (c) 2024 CrowdStrike, Inc.
*/
/* Parameters */
-@description('Targetscope of the CSPM integration.')
+@description('Targetscope of the Falcon Cloud Security integration.')
@allowed([
'ManagementGroup'
'Subscription'
@@ -16,7 +16,7 @@ targetScope = 'subscription'
param targetScope string = 'Subscription'
@description('The prefix to be added to the deployment name.')
-param deploymentNamePrefix string = 'cs-cspm'
+param deploymentNamePrefix string = 'cs-fcs'
@description('The suffix to be added to the deployment name.')
param deploymentNameSuffix string = utcNow()
@@ -74,7 +74,6 @@ param location string = deployment().location
param tags object = {
'cstag-vendor': 'crowdstrike'
'cstag-product': 'fcs'
- 'cstag-purpose': 'cspm'
}
/* IOM-specific parameter */
@@ -120,7 +119,7 @@ module iomAzureSubscription 'modules/iom/azureSubscription.bicep' = if (deployIO
}
}
-module ioaAzureSubscription 'modules/cs-cspm-ioa-deployment.bicep' = if (deployIOA && targetScope == 'Subscription') {
+module ioaAzureSubscription 'modules/cs-fcs-ioa-deployment.bicep' = if (deployIOA && targetScope == 'Subscription') {
name: '${deploymentNamePrefix}-ioa-azureSubscription-${deploymentNameSuffix}'
scope: subscription(defaultSubscriptionId)
params:{
diff --git a/modules/cs-cspm-ioa-deployment.bicep b/modules/cs-fcs-ioa-deployment.bicep
similarity index 99%
rename from modules/cs-cspm-ioa-deployment.bicep
rename to modules/cs-fcs-ioa-deployment.bicep
index 6706bb3..fb04001 100644
--- a/modules/cs-cspm-ioa-deployment.bicep
+++ b/modules/cs-fcs-ioa-deployment.bicep
@@ -12,7 +12,7 @@ targetScope = 'subscription'
param location string = deployment().location
@description('The prefix to be added to the deployment name.')
-param deploymentNamePrefix string = 'cs-cspm-ioa'
+param deploymentNamePrefix string = 'cs-fcs-ioa'
@description('The suffix to be added to the deployment name.')
param deploymentNameSuffix string = utcNow()
@@ -24,7 +24,6 @@ param resourceGroupName string = 'cs-ioa-group' // DO NOT CHANGE - used for regi
param tags object = {
'cstag-vendor': 'crowdstrike'
'cstag-product': 'fcs'
- 'cstag-purpose': 'cspm'
}
@description('The CID for the Falcon API.')
@@ -357,7 +356,7 @@ module entraDiagnosticSetttings 'ioa/entraLog.bicep' = if (deployEntraLogDiagnos
}
}
-/* Set CrowdStrike CSPM Default Azure Subscription */
+/* Set CrowdStrike Falcon Cloud Security Default Azure Subscription */
module setAzureDefaultSubscription 'ioa/defaultSubscription.bicep' = {
scope: scope
name: '${deploymentNamePrefix}-defaultSubscription-${deploymentNameSuffix}'
diff --git a/modules/ioa/defaultSubscription.bicep b/modules/ioa/defaultSubscription.bicep
index 06c0f52..ebc5da9 100644
--- a/modules/ioa/defaultSubscription.bicep
+++ b/modules/ioa/defaultSubscription.bicep
@@ -35,7 +35,7 @@ resource setAzureDefaultSubscription 'Microsoft.Resources/deploymentScripts@2023
}
]
arguments: '-AzureTenantId ${tenant().tenantId} -AzureSubscriptionId ${subscription().subscriptionId}'
- scriptContent: loadTextContent('../../scripts/Set-FalconCspmAzureDefaultSubscription.ps1')
+ scriptContent: loadTextContent('../../scripts/Set-FcsAzureDefaultSubscription.ps1')
retentionInterval: 'PT1H'
cleanupPreference: 'OnSuccess'
}
diff --git a/modules/iom/azureAccount.bicep b/modules/iom/azureAccount.bicep
index ccedd80..438efd2 100644
--- a/modules/iom/azureAccount.bicep
+++ b/modules/iom/azureAccount.bicep
@@ -5,7 +5,7 @@
*/
/* Parameters */
-@description('Targetscope of the CSPM integration.')
+@description('Targetscope of the Falcon Cloud Security integration.')
@allowed([
'ManagementGroup'
'Subscription'
@@ -50,13 +50,12 @@ param location string = resourceGroup().location
param tags object = {
'cstag-vendor': 'crowdstrike'
'cstag-product': 'fcs'
- 'cstag-purpose': 'cspm'
}
/* Resources */
-/* Register Azure account(s) in Falcon CSPM */
-resource falconCspmAzureAccount 'Microsoft.Resources/deploymentScripts@2023-08-01' = {
- name: 'cs-cspm-iom-${subscription().subscriptionId}'
+/* Register Azure account(s) in Falcon Falcon Cloud Security */
+resource fcsAzureAccount 'Microsoft.Resources/deploymentScripts@2023-08-01' = {
+ name: 'cs-fcs-iom-${subscription().subscriptionId}'
location: location
tags: tags
kind: 'AzurePowerShell'
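Review bot: The new comment above the `fcsAzureAccount` resource reads "Falcon Falcon Cloud Security". The product name was substituted for "CSPM" without dropping the "Falcon" that was already there. It should read `/* Register Azure account(s) in Falcon Cloud Security */`. The resource body continues past the end of this hunk, and the renamed symbolic name is updated consistently in the `azurePublicCertificate` output further down.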
@@ -85,11 +84,11 @@ resource falconCspmAzureAccount 'Microsoft.Resources/deploymentScripts@2023-08-0
}
]
arguments: '-AzureAccountType ${azureAccountType} -AzureTenantId ${tenant().tenantId} -AzureSubscriptionId ${subscription().subscriptionId} -TargetScope ${targetScope} -UseExistingAppRegistration ${useExistingAppRegistration}'
- scriptContent: loadTextContent('../../scripts/New-FalconCspmAzureAccount.ps1')
+ scriptContent: loadTextContent('../../scripts/New-FcsAzureAccount.ps1')
retentionInterval: 'PT1H'
cleanupPreference: 'OnSuccess'
}
}
/* Outputs */
-output azurePublicCertificate string = falconCspmAzureAccount.properties.outputs.public_certificate
+output azurePublicCertificate string = fcsAzureAccount.properties.outputs.public_certificate
diff --git a/modules/iom/azureAppRegistration.bicep b/modules/iom/azureAppRegistration.bicep
index 5d5547c..cc33acf 100644
--- a/modules/iom/azureAppRegistration.bicep
+++ b/modules/iom/azureAppRegistration.bicep
@@ -11,7 +11,7 @@ extension microsoftGraphV1
/* Parameters */
@description('Name of the Application Registration.')
-param applicationName string = 'CrowdStrikeCSPM-${uniqueString(tenant().tenantId)}'
+param applicationName string = 'CrowdStrikeFCS-${uniqueString(tenant().tenantId)}'
@secure()
@description('Public certificate data.')
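Review bot: The new default for `applicationName` changes what a redeploy targets in tenants that were registered with the old default and pass no explicit value. The resource that consumes the parameter is outside this hunk, so whether the redeploy renames the existing registration or creates a second one depends on how its identity (presumably `uniqueName`) is derived; that needs confirming. If a second registration is created, the old `CrowdStrikeCSPM-…` application keeps its certificate credential and consented Microsoft Graph permissions until someone deletes it. I would state this in the parameter description, e.g. `@description('Name of the Application Registration. Existing deployments should pass their current name to keep using the same registration.')`, and add removal of the old registration to the upgrade notes.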
@@ -21,7 +21,7 @@ param publicCertificate string = ''
param grantAdminConsent bool = true
/* Variables */
-var applicationDescription = 'CrowdStrike Falcon CSPM'
+var applicationDescription = 'CrowdStrike Falcon Cloud Security'
var redirectUris = ['https://falcon.crowdstrike.com/cloud-security/registration/app/cspm/cspm_accounts']
var applicationPermissions = [
diff --git a/modules/iom/azureSubscription.bicep b/modules/iom/azureSubscription.bicep
index 804b2f4..c72fa8a 100644
--- a/modules/iom/azureSubscription.bicep
+++ b/modules/iom/azureSubscription.bicep
@@ -16,7 +16,7 @@ extension microsoftGraphV1
param targetScope string
@description('The prefix to be added to the deployment name.')
-param deploymentNamePrefix string = 'cs-cspm-iom'
+param deploymentNamePrefix string = 'cs-fcs-iom'
@description('The suffix to be added to the deployment name.')
param deploymentNameSuffix string = utcNow()
@@ -71,7 +71,6 @@ param location string = deployment().location
param tags object = {
'cstag-vendor': 'crowdstrike'
'cstag-product': 'fcs'
- 'cstag-purpose': 'cspm'
}
/* Create Azure Resource Group for IOM resources */
diff --git a/scripts/New-FalconCspmAzureAccount.ps1 b/scripts/New-FcsAzureAccount.ps1
similarity index 97%
rename from scripts/New-FalconCspmAzureAccount.ps1
rename to scripts/New-FcsAzureAccount.ps1
index 0e3e61f..0f96d9f 100644
--- a/scripts/New-FalconCspmAzureAccount.ps1
+++ b/scripts/New-FcsAzureAccount.ps1
@@ -87,10 +87,10 @@ try {
# Request Falcon API access token
Request-FalconToken -ClientId $Env:FALCON_CLIENT_ID -ClientSecret $Env:FALCON_CLIENT_SECRET -Cloud $($Env:FALCON_CLOUD_REGION.ToLower())
- # Register Azure account in Falcon CSPM
+ # Register Azure account in Falcon Cloud Security
New-FalconCloudAzureAccount -TenantId $AzureTenantId -SubscriptionId $AzureSubscriptionId -ClientId $Env:AZURE_CLIENT_ID -AccountType $AzureAccountType -YearsValid $AzureYearsValid
- # Register Azure Management Group in Falcon CSPM
+ # Register Azure Management Group in Falcon Cloud Security
if ($TargetScope -eq 'ManagementGroup') {
New-FalconCloudAzureGroup -TenantId $AzureTenantId -DefaultSubscriptionId $AzureSubscriptionId
}
diff --git a/scripts/Set-FalconCspmAzureDefaultSubscription.ps1 b/scripts/Set-FcsAzureDefaultSubscription.ps1
similarity index 100%
rename from scripts/Set-FalconCspmAzureDefaultSubscription.ps1
rename to scripts/Set-FcsAzureDefaultSubscription.ps1