Versions Compared

Version Old Version 1 New Version Current
Changes made by

Aparna Rr

Aparna Rr

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Log Type

 Ingestion label

Preferred Logging Protocol - Format

Log Collection Method

 Azure VPN

 AZURE_VPN

Cloud Storage - JSON

C2C - Storage

Azure VPN

AZURE_VPN

Cloud Log Stream - JSON

CyberHub

Device Configuration

...

  • An Azure subscription that you can sign in to.

  • A user who's a Global Administrator

  • Azure Storage Account to store the logs or an Event Hub to stream the logs. 

As per Microsoft's architecture, while pulling data from EventHub requires a Storage Account Key/SAS Token, Blob Container, and Storage Account Name, as the marker for the EventHub is stored in the storage account.

 Reference URLs

...

Parameters required from customer for Integration.

Via Azure C2C-Storage:

Property

Default Value

Description

Logging Source

AZURE URI

N/A

Select Storage

eventHubConnectionString

N/A

N/A (keep blank)

consumerGroupName

N/A

N/A (keep blank)

Account Key

Custome value

Access Key to access storage account

Blob Container

N/A

Storage blob Container name

e.g.
insights-activity-logs

Storage Account Name

Custome value

Azure storage account name

Subscription

N/A

Subscription ID that customer wants to be monitored

initialReadPolicy

N/A

Select Beginning to start reading from beginning and End to start reading logs from the end

...

The URI pointing to a Azure Blob Storage blob or container.

URI IS A

Directory which includes subdirectories

The type of object indicated by the URI. Valid values are:

  • FILES: The URI points to a single blob that will be ingested with each execution of the feed.

  • FOLDERS_RECURSIVE: The URI points to a Blob Storage container.

SOURCE DELETION OPTION

Never delete files

Source file deletion is not supported in Azure. This field's value must be set to SOURCE_DELETION_NEVER.

Shared Key OR SAS Token

 

A shared key, a 512-bit random string in base64 encoding, authorized to access Azure Blob Storage. Required if not specifying an SAS Token.
OR
A Shared Access Signature authorized to access the Azure Blob Storage container.

ASSET NAMESPACE

 

To assign an asset namespace to all events that are ingested from a particular feed, set the "namespace" field within details. The namespace field is a string.

Via Azure EventHub [CyberHub]:

Property

Default Value

Description

Logging Source

N/A

Select EventHub

eventHubConnectionString

N/A

Event hub connection string

consumerGroupName

N/A

Optional and used if consumer Group is other than default

Account Key

Custom Value

Access Key to access storage account

Blob Container

N/A

Storage blob Container name

Storage Account Name

Custom Value

Azure storage account name

Subscription

N/A

Set EventHub name

initialReadPolicy

N/A

N/A (keep default selection)