Azure: Public Cloud IP Address List as a CSV

Introduction

Azure is a massive public cloud and Microsoft maintains a list of IP address ranges for Public Azure as a whole, along with ranges for several Azure Services organized in Service Tags. These IP ranges are posted weekly on Microsoft’s website as a large, downloadable JSON file. However, many network monitoring tools and SIEMs, including Azure Sentinel, require a Start IP and End IP address range or IP address range in CIDR notation as an input.

One of the most robust tools I’ve used to quickly transform data like this is pandas, a “fast, powerful, flexible and easy to use open source data analysis and manipulation tool, built on top of the Python programming language.”

Leveraging pandas allowed me to quickly parse through the JSON file from Microsoft, extract and transform the IP addresses as needed, and then export my output to appropriate CSV files. While pandas can do so much more than this, I found it easier to import the library and leverage DataFrames than trying to complete the solution in Python alone.

Solution

I’ve posted two scripts on GitHub to complete this. The first, parsejson.py simply parses the JSON file downloaded from Microsoft’s website and exports 3 CSV files:

  • The Public IP address ranges in CIDR notation de-nested (or extracted) from the JSON
  • The Start and End IP address of each range in IPv4 format
  • The Start and End IP address of each range in “long” 64-bit format, which is required in Azure Sentinel when using the parse_ipv4() function

The second, Automated/api_to_blob.py is a framework to automate this process. This script leverages the API in Preview to obtain the latest data from Microsoft to keep your IP address ranges current. The data returned by this API call is provided in the same format as the file available on Microsoft’s website.

The “Automated” script performs the same transformations in the parsejson.py script above, then uploads the files to a Blob Container in Azure Storage. Use it as a baseline to refactor into your existing business processes or build it as an Azure Function App.