BLACKSHIELD

सार्वजनिक गाइड

Deploy Network Sensor on Azure

Capture traffic using Virtual Network TAP, deploy sensor VM with Bicep, and bridge network telemetry into the security platform. लक्षित पाठक: Platform engineers, Azure administrators, security engineers. सामान्य सेटअप समय: 10 minutes.

quickstart

Use this if

Capture traffic using Virtual Network TAP, deploy sensor VM with Bicep, and bridge network telemetry into the security platform.

Audience
Platform engineers, Azure administrators, security engineers
Typical time
10 minutes

शुरू करने से पहले

  • You have an Azure subscription with production VMs running workloads.
  • You have created an ingestion API key in Settings → API Keys with Ingestion scope.
  • You have permissions to create VNet TAP resources and VMs in your resource group.

Fast path

Copy a working starter, run it in your environment, then come back here for the deeper rollout details.

Get the source bundle

Download the exact source files referenced on this page, or run the one-command installer to write them locally before following the deployment steps.

Azure network sensor Bicep source

Creates the Azure Bicep template under `deploy/azure-network-sensor/` with the current platform API URL prefilled for VNet TAP-based network telemetry ingestion.

deploy/azure-network-sensor/
bash
BLACKSHIELD_NETWORK_SENSOR_IMAGE=public.ecr.aws/blackshield-security/network-sensor:1.0.0 \
BLACKSHIELD_API_URL=https://api.blackshield.chaplau.com \
bash <(curl -fsSL https://blackshield.chaplau.com/source-bundles/azure-network-sensor.sh)
cd deploy/azure-network-sensor
Download source

यह चलाएँ

azure-vnet-tap.sh

bash
#!/bin/bash
# Create Azure Virtual Network TAP for network sensor

RESOURCE_GROUP="myResourceGroup"
VNET_TAP_NAME="network-sensor-tap"

az network vnet tap create \
  --resource-group "$RESOURCE_GROUP" \
  --name "$VNET_TAP_NAME"

Understand and customize

Use the guided steps below when you want to tailor the rollout, validate ownership, or expand the deployment safely.

चरण 1

Configure Virtual Network TAP

Set up an Azure VNet TAP to duplicate traffic from production VMs to the sensor.

  • Create a Network Tap resource pointing to the sensor VM's NIC.
  • Attach the tap to source VM network interfaces (those you want to monitor).
  • Verify VNet TAP status is 'Connected' in the Azure portal.
  • Confirm mirrored traffic is flowing to the sensor NIC.

What success looks like

Confirm mirrored traffic is flowing to the sensor NIC.

Open Azure network sensor prep

चरण 2

Deploy sensor VM with Bicep

Use the source bundle on this page to download the Azure network sensor Bicep template and deploy it.

  • Use the source bundle on this page to download the Azure network sensor Bicep template into deploy/azure-network-sensor/ with `apiUrl` already prefilled for your deployed platform.
  • Copy parameters.json.example to parameters.json and customize: resource group, VNet, subnet, SSH key, and existing Key Vault details.
  • Run: az deployment group create --resource-group [rg] --template-file main.bicep --parameters parameters.json — deploys VM with managed identity and Key Vault integration.
  • The VM automatically retrieves the API key from Key Vault and starts the sensor container.

What success looks like

The VM automatically retrieves the API key from Key Vault and starts the sensor container.

Azure Deployment Guide

चरण 3

Validate findings ingestion

Confirm network telemetry is flowing into the platform.

  • Connect to the VM: az vm run-command invoke --resource-group [rg] --name [vm-name] --command-id RunShellScript --scripts 'docker logs $(docker ps -q) -f'
  • Look for 'VNet TAP capture active' or similar in the logs.
  • Check the platform Findings view for network-based security alerts.
  • Verify flow to the platform within 5 minutes of traffic on the mirrored interfaces.

What success looks like

Verify flow to the platform within 5 minutes of traffic on the mirrored interfaces.

View Findings · Sign-in required

What success looks like

  • Findings appear in the platform Findings view with scanner=network (Azure).
  • VNet TAP status shows as 'Connected' for all monitored interfaces.
  • No authentication or connectivity errors in the sensor logs.
Deploy Network Sensor on Azure | BlackShield Docs