Configure agent runtime protection for Azure

Application Security provides runtime protection for Azure serverless functions from within: an embedded agent is added to the function and configured to protect it. As a result, both the function code and the third-party packages that the function code uses are automatically protected.

This is supported only for Azure functions written in Python, running on Linux, and using HTTP triggers.

Protecting your Azure function with Application Security is easy. It requires a few simple steps:

  1. Create and configure a protection group within the Application Security Dashboard.

  2. Add the Application Security agent to your function package and add the single line of code to your function.

  3. Configure the required environment variables for the Application Security agent in the Azure function to protect.

Create and configure a protection group with Application Security

The procedure to follow for creating and configuring a protection group for protecting Azure functions is described in section Add a Security Group.

Add the Application Security agent to your function package

Adding the Application Security agent to your Azure function is simple. The procedure depends on the function's programming language.

Add the Python agent to Azure functions

The Python agent is distributed through the pypi.org Python package index. The following steps describe how to add the Python agent to protect the Azure functions:

  1. Add the Application Security package to requirements.txt:
    trend_app_protect

  2. Run pip to install the package:
    pip install -r requirements.txt

  3. In your Azure function, add the following two lines of code:

    • Import the decorator:

      • At the top of the function's code add:
        from trend_app_protect.api.azure_function import protect_function
      • Add the decorator to the main function. Immediately before the definition of main, add the decorator:
        @protect_function
        def main(req: func.HttpRequest, context: func.Context) -> func.HttpResponse:
           <your python code>
  4. In your Azure function, configure the Application Security agent environment variables:

    The Application Security agent requires, at a minimum, the key and secret in order to authenticate itself to the Application Security service:

    TREND_AP_KEY: < key from Application Security Dashboard >
    TREND_AP_SECRET: < secret from Application Security Dashboard >

    Additional environment variables can be configured as required. For example, for agent logging:

    TREND_AP_LOG_FILE: STDOUT
    TREND_AP_LOG_LEVEL: DEBUG

    The environment variables that can be configured are described in section Agent configuration settings with environment variables.
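
A preflight check for the procedure above, added here as an example (it is not code from Application Security or its agent): it verifies that requirements.txt lists the agent, that main is imported with and carries the protect_function decorator, and that the key and secret are set. The function names and the sample inputs are assumptions made for this example.

```python
import ast
import os
import re

AGENT_MODULE = "trend_app_protect.api.azure_function"
REQUIRED_ENV = ("TREND_AP_KEY", "TREND_AP_SECRET")

# Constructed sample inputs for this example, not taken from a real project.
SAMPLE_REQUIREMENTS = "azure-functions\ntrend_app_protect\n"
SAMPLE_SOURCE = '''import azure.functions as func
from trend_app_protect.api.azure_function import protect_function

@protect_function
def main(req: func.HttpRequest, context: func.Context) -> func.HttpResponse:
    return func.HttpResponse("ok")
'''

def lists_agent(requirements):
    """True if requirements.txt names the agent package (pins and comments allowed)."""
    names = (re.split(r"[\s=<>~!\[;#]", line.strip(), maxsplit=1)[0]
             for line in requirements.splitlines())
    return any(n.lower().replace("-", "_") == "trend_app_protect" for n in names)

def check_source(source):
    """Parse (never execute) the function source; return (imported, decorated)."""
    tree = ast.parse(source)
    imported = any(
        isinstance(n, ast.ImportFrom) and n.module == AGENT_MODULE
        and any(a.name == "protect_function" and a.asname is None for a in n.names)
        for n in tree.body)
    decorated = any(
        isinstance(n, ast.FunctionDef) and n.name == "main"
        and any(isinstance(d, ast.Name) and d.id == "protect_function"
                for d in n.decorator_list)
        for n in tree.body)
    return imported, decorated

def preflight(requirements, source, env):
    """Return the steps that are still missing; an empty list means all are done."""
    imported, decorated = check_source(source)
    checks = [(lists_agent(requirements), "requirements.txt does not list trend_app_protect"),
              (imported, "protect_function is not imported"),
              (decorated, "main is not decorated with @protect_function")]
    checks += [(bool((env.get(v) or "").strip()), f"{v} is not set") for v in REQUIRED_ENV]
    return [message for ok, message in checks if not ok]

if __name__ == "__main__":
    for problem in preflight(SAMPLE_REQUIREMENTS, SAMPLE_SOURCE, os.environ):
        print("MISSING:", problem)
```

Run against a real project by passing the contents of its requirements.txt and function source file to preflight, for instance as a build step that fails when the returned list is not empty.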