This project was created to automate secure role assignments in Microsoft Entra ID, ensuring compliance and secure credential handling through Azure Key Vault and Splunk event monitoring.
Security Best Practices.
- Secure Role Management: Automates the assignment and revocation of roles using Azure AD.
- Credential Security: Client secrets are securely stored in Azure Key Vault.
- Compliance Integration: All role changes are logged and monitored in Splunk for auditing and compliance reporting.
- Scalable Log Generation: Includes a dynamic log generation tool for security event simulation and analysis.
- Automate Secure Role Assignments in Microsoft Entra ID.
- Ensure Secure Credential Handling using Azure Key Vault.
- Provide Comprehensive Auditing through Splunk integration.
- Support Compliance Standards (ISO 27001, NIST 800-53, CIS Controls).
This project uses two types of user data for reporting:
- Real Test Users: Created for role assignment validation in Entra ID.
- Randomized Test Data: Used for simulated event generation to test Splunk dashboards and threat detection.
- Purpose: Validates secure role assignments and RBAC automation.
- Usage: Applied during the initial project setup for Microsoft Entra ID role assignments.
- Example: `testuser1@company.com`, `testuser2@company.com`
- Focus: Secure and compliant user role management within Azure AD.
- Purpose: Simulates large-scale security events and anomaly detection in Splunk.
- Generated Using: The `faker` library with random IP addresses, event types, and users.
- Example: `user123@example.com`, `198.51.100.23`
- Use Case: Testing threat detection dashboards and event distribution analysis in Splunk.
| Data Set | Use Case | Purpose |
|---|---|---|
| Real Test Users | Microsoft Entra ID Role Management | Validate secure role automation |
| Randomized User Data | Simulated Log Generation for Splunk Analysis | Test event diversity and risk analysis |
- Real Test Users: Manually created in Microsoft Entra ID for direct testing.
- Randomized Data: Generated using the `azure_log_generator.py` script with adjustable event parameters.
- Use real test users for validating secure access controls and RBAC policies.
- Use random data for log generation and testing event detection dashboards in Splunk.
- Microsoft Entra ID Configuration:
  - Create a Microsoft Entra ID tenant and add test users with multiple roles.
- Python Setup:
  - Install necessary Python libraries using `requirements.txt`.
- Azure Key Vault:
  - Set up a Key Vault to securely store client secrets.
- Splunk Integration:
  - Enable Splunk data ingestion using directory monitoring and the `azure_rbac` index.
This project incorporates Role-Based Access Control (RBAC) principles, ensuring the principle of least privilege is enforced.
- Role Assignment Automation: Python-based automation for secure access.
- Policy Management: Azure Key Vault stores sensitive secrets and access tokens.
- Security Enforcement: Unauthorized access is flagged through Splunk alerts.
- User-Based Access Policies: Assigning user roles based on their job functions.
- Resource Restrictions: Limiting access to critical Azure services like Blob Storage.
- Automated Role Revocation: Removing access automatically after policy changes.
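
One way to check role-change events against a job-function policy and list the roles that need revoking, as an added example (not the project's own code). The event schema, the `ROLE_POLICY` map, the job-function names and `audit_role_events` are assumptions, and the sample events are constructed.

```python
import json

# Hypothetical policy: job function -> roles it may hold (not from the project).
ROLE_POLICY = {
    "helpdesk": {"Helpdesk Administrator"},
    "auditor": {"Global Reader", "Security Reader"},
}

# Constructed sample events, one JSON object per line, in an assumed schema.
SAMPLE_EVENTS = [
    '{"action": "assign", "user": "testuser1@company.com", "job_function": "helpdesk", "role": "Helpdesk Administrator"}',
    '{"action": "assign", "user": "testuser2@company.com", "job_function": "auditor", "role": "Global Administrator"}',
    '{"action": "revoke", "user": "testuser2@company.com", "job_function": "auditor", "role": "Global Administrator"}',
    '{"action": "job_change", "user": "testuser1@company.com", "job_function": "auditor"}',
    'not-json',
]


def audit_role_events(lines):
    """Replay role events in order; return (findings, roles still held per user)."""
    held, findings = {}, []
    for n, line in enumerate(lines, 1):
        try:
            ev = json.loads(line)
            user, action, job = ev["user"], ev["action"], ev["job_function"]
            role = str(ev["role"]) if action in ("assign", "revoke") else None
        except (ValueError, KeyError, TypeError):
            findings.append({"line": n, "finding": "malformed_event"})
            continue
        allowed = ROLE_POLICY.get(job, set())  # unknown job function: nothing allowed
        roles = held.setdefault(user, set())
        if action == "assign":
            roles.add(role)
            if role not in allowed:
                findings.append({"line": n, "user": user, "role": role,
                                 "finding": "out_of_policy_assignment"})
        elif action == "revoke":
            roles.discard(role)
        elif action == "job_change":
            # Roles kept from the previous job function must be removed.
            for stale in sorted(roles - allowed):
                findings.append({"line": n, "user": user, "role": stale,
                                 "finding": "revoke_required"})
        else:
            findings.append({"line": n, "finding": "malformed_event"})
    return findings, held


if __name__ == "__main__":
    for finding in audit_role_events(SAMPLE_EVENTS)[0]:
        print(json.dumps(finding))
```

Each finding is a flat JSON object, so it can be written to the monitored directory and alerted on like any other event.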