
Vidara App Registration

Wortell uses Vidara as its security platform. For Vidara to operate, it needs certain permissions in the customer tenant. This article describes the permissions and settings required for the App Registration that connects Vidara to the customer tenant.

Settings

The Vidara App Registration should be set up with the following settings:

  • Owner: the app registration itself (its own service principal). Wortell has procedures and systems in place to rotate the key of the app registration. To rotate its own keys, the app registration needs to be an owner of itself; together with the Application.ReadWrite.OwnedBy permission listed under Permissions, this is what allows Vidara to manage its own credentials and nothing else in the tenant.
  • Secret: a client secret with a validity period of 3 months. A client secret is required so that Vidara can authenticate to the customer tenant. The secret value is shown only once at creation time and must be handed over to Wortell out of band; do not store it in tickets or e-mail.

Permissions

Vidara requires permissions for its interaction with the customer environment.

The following permissions are used for a wide range of Managed Detection and Response activities, such as:

  • Vulnerability management
  • Threat hunting
  • Responding to incidents
  • Executing investigations
  • Validating that all required permissions are set correctly

Azure Active Directory

The following permissions need to be set on the Vidara App Registration, and admin consent needs to be granted for them. These are application permissions (Vidara authenticates as itself with the client secret, with no signed-in user), which is why an administrator has to consent on behalf of the tenant:

API                           Required permission
Microsoft Graph               Application.ReadWrite.OwnedBy
Microsoft Graph               Directory.Read.All
Microsoft Graph               IdentityRiskyUser.ReadWrite.All
Microsoft Graph               Organization.Read.All
Microsoft Graph               SecurityActions.Read.All
Microsoft Threat Protection   AdvancedHunting.Read.All
Microsoft Threat Protection   CustomDetections.ReadWrite.All
Log Analytics API             Data.Read
WindowsDefenderATP            Alert.ReadWrite.All
WindowsDefenderATP            Machine.CollectForensic
WindowsDefenderATP            Machine.Isolate
WindowsDefenderATP            Machine.Read.All
WindowsDefenderATP            Machine.Scan
WindowsDefenderATP            Vulnerability.Read.All

Azure

The following Azure role needs to be assigned to the Vidara App Registration (its service principal):

Resource              Required role
Azure subscription    Reader

The Reader role is required on every Azure subscription that is protected by Wortell Managed Detection and Response. Assign it at subscription scope; no higher role and no management-group scope is needed.
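The settings, permissions and role assignment above can be applied in one go from PowerShell with the Microsoft.Graph and Az modules. The script below is an added example and is not Wortell's own provisioning tooling; it assumes an administrator who may create app registrations and grant admin consent, uses the API display names exactly as they appear in the tables on this page to look up the resource service principals, and takes a placeholder display name and subscription ID that you replace with your own. It ends with the same check Vidara performs itself: comparing the granted app roles against the required list.

```powershell
#Requires -Modules Microsoft.Graph.Applications, Az.Resources
# Added example (not Wortell's code): register the Vidara app with the settings and permissions
# described on this page. Run as an administrator who can create apps and grant admin consent.
param(
    [string]   $DisplayName     = 'Vidara',                                   # assumed name
    [string[]] $SubscriptionIds = @('00000000-0000-0000-0000-000000000000')   # placeholder
)

# Required application permissions, keyed by the API display name from the Permissions table.
$RequiredPermissions = @{
    'Microsoft Graph'             = @('Application.ReadWrite.OwnedBy', 'Directory.Read.All',
                                      'IdentityRiskyUser.ReadWrite.All', 'Organization.Read.All',
                                      'SecurityActions.Read.All')
    'Microsoft Threat Protection' = @('AdvancedHunting.Read.All', 'CustomDetections.ReadWrite.All')
    'Log Analytics API'           = @('Data.Read')
    'WindowsDefenderATP'          = @('Alert.ReadWrite.All', 'Machine.CollectForensic', 'Machine.Isolate',
                                      'Machine.Read.All', 'Machine.Scan', 'Vulnerability.Read.All')
}

Connect-MgGraph -Scopes 'Application.ReadWrite.All', 'AppRoleAssignment.ReadWrite.All', 'Directory.Read.All'
Connect-AzAccount | Out-Null

# 1. App registration plus its service principal (the identity that owns the app and gets roles).
$app = New-MgApplication -DisplayName $DisplayName -SignInAudience 'AzureADMyOrg'
$sp  = New-MgServicePrincipal -AppId $app.AppId

# 2. Owner = the app registration itself: its service principal becomes an owner of the
#    application object, so that with Application.ReadWrite.OwnedBy it can roll its own secret.
New-MgApplicationOwnerByRef -ApplicationId $app.Id -BodyParameter @{
    '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($sp.Id)"
}

# 3. Client secret valid for 3 months. SecretText is returned exactly once; hand it to
#    Wortell out of band and do not log or persist it here.
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    displayName = 'Vidara initial secret'
    endDateTime = (Get-Date).ToUniversalTime().AddMonths(3)
}
Write-Host "AppId $($app.AppId), secret KeyId $($secret.KeyId), expires $($secret.EndDateTime)"

# 4. Resolve each API's service principal once; fail early if an API is not present in the tenant.
$resources = @{}
foreach ($api in $RequiredPermissions.Keys) {
    $resources[$api] = Get-MgServicePrincipal -Filter "displayName eq '$api'" -Top 1
    if (-not $resources[$api]) { throw "Service principal for API '$api' not found in this tenant" }
}

# 5. Grant the application permissions. Creating an app role assignment for an application
#    permission is what records admin consent, so no separate consent click is needed.
foreach ($api in $RequiredPermissions.Keys) {
    foreach ($value in $RequiredPermissions[$api]) {
        $role = $resources[$api].AppRoles |
            Where-Object { $_.Value -eq $value -and $_.AllowedMemberTypes -contains 'Application' }
        if (-not $role) { throw "'$api' does not expose application permission '$value'" }
        New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -PrincipalId $sp.Id `
            -ResourceId $resources[$api].Id -AppRoleId $role.Id | Out-Null
    }
}

# 6. Reader at subscription scope on every protected subscription (no broader role or scope).
foreach ($subId in $SubscriptionIds) {
    New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName 'Reader' -Scope "/subscriptions/$subId" | Out-Null
}

# 7. Verify: every required permission must appear as a granted app role assignment.
$granted = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All
$missing = foreach ($api in $RequiredPermissions.Keys) {
    foreach ($value in $RequiredPermissions[$api]) {
        $roleId = ($resources[$api].AppRoles | Where-Object Value -eq $value).Id
        $found  = $granted | Where-Object { $_.ResourceId -eq $resources[$api].Id -and $_.AppRoleId -eq $roleId }
        if (-not $found) { "$api / $value" }
    }
}
if ($missing) { Write-Warning "Missing permissions: $($missing -join ', ')" }
else          { Write-Host 'All required permissions are granted.' }
```

Step 7 is worth keeping as a stand-alone check after any later change to the app: admin consent can be revoked or an app role assignment removed without the app registration page making it obvious, and the assignment list on the service principal is the authoritative record of what Vidara can actually do.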

Key Rotation

It is a best practice to rotate your keys (that is, to create a new version of the key that replaces the old one) on a regular basis. By rotating keys, Wortell limits how long a leaked or stolen secret remains usable, which sharply reduces the impact of a compromise of the app registration used by Vidara.

Key rotation is a fully automated process. During a rotation, a new key is generated while the existing key remains active, so there is no interruption in the connection between Vidara and the customer tenant. Once Vidara has switched to the new key, older keys are deleted, and the latest key is used for all further interactions with the customer tenant.

Keys are stored in an Azure Key Vault that is connected to Vidara. Access to the keys is granted to Vidara only. No Wortell security employee has access to this key vault, and because rotation is fully automated, no Wortell employee ever knows the value of the active key.
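The rotation sequence described above (add the new key while the old one stays active, switch over, then delete the older versions) looks like this when expressed in PowerShell. This is an added illustration, not Vidara's internal rotation code; it assumes an app object ID, a Key Vault name and a secret name that are placeholders, and a caller that either is the app itself (Application.ReadWrite.OwnedBy, which the owner setting above makes possible) or an administrator with Application.ReadWrite.All. The new secret is proven to work before anything is removed, so a failed rotation never leaves Vidara without a valid key.

```powershell
#Requires -Modules Microsoft.Graph.Applications, Az.KeyVault
# Added example (not Wortell's code): rotate the Vidara client secret with an overlap window.
param(
    [Parameter(Mandatory)] [string] $AppObjectId,     # object id of the Vidara app registration
    [string] $VaultName   = 'kv-vidara-example',       # placeholder vault name
    [string] $SecretName  = 'vidara-client-secret',    # placeholder secret name
    [int]    $ValidMonths = 3                          # validity period from the Settings section
)

$app    = Get-MgApplication -ApplicationId $AppObjectId
$tenant = (Get-MgContext).TenantId

# 1. Add the new secret first. The existing secret stays valid, so Vidara keeps working.
$new = Add-MgApplicationPassword -ApplicationId $AppObjectId -PasswordCredential @{
    displayName = "Vidara rotated $((Get-Date).ToString('yyyy-MM-dd'))"
    endDateTime = (Get-Date).ToUniversalTime().AddMonths($ValidMonths)
}

# 2. Prove the new secret authenticates (client credentials flow) before touching the old one.
#    A freshly added secret can take a moment to propagate, hence the short retry loop.
$token = $null
foreach ($attempt in 1..6) {
    try {
        $token = Invoke-RestMethod -Method Post `
            -Uri "https://login.microsoftonline.com/$tenant/oauth2/v2.0/token" `
            -Body @{
                client_id     = $app.AppId
                client_secret = $new.SecretText
                scope         = 'https://graph.microsoft.com/.default'
                grant_type    = 'client_credentials'
            }
        if ($token.access_token) { break }
    } catch {
        Start-Sleep -Seconds 10
    }
}
if (-not $token.access_token) {
    throw 'New secret did not authenticate; old secret left in place and nothing was deleted'
}

# 3. Store the new secret in Key Vault; from here on Vidara reads the latest version only.
#    The plaintext exists only inside this process and is cleared right after the write.
$secure = ConvertTo-SecureString -String $new.SecretText -AsPlainText -Force
Set-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -SecretValue $secure `
    -Expires $new.EndDateTime -ContentType 'vidara-client-secret' | Out-Null
Remove-Variable -Name secure

# 4. Delete every older secret on the app registration; only the newest remains.
foreach ($cred in $app.PasswordCredentials | Where-Object { $_.KeyId -ne $new.KeyId }) {
    Remove-MgApplicationPassword -ApplicationId $AppObjectId -KeyId $cred.KeyId
    Write-Host "Removed old secret $($cred.KeyId) (expired $($cred.EndDateTime))"
}
```

The ordering is the point: the old secret is removed only after the new one has authenticated and has been written to the vault. Rotating the other way round (delete, then create) produces an outage if the new secret is not yet usable, and storing an unverified secret leaves Vidara with a key that cannot sign in.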