...

Log Type                 | Ingestion label | Preferred Logging Protocol - Format | Log Collection Method  | Data Source
-------------------------|-----------------|-------------------------------------|------------------------|------------
Microsoft Azure Activity | AZURE_ACTIVITY  | Cloud Storage - JSON                | CyberHub C2C - Storage | https://cloud.google.com/chronicle/docs/reference/feed-management-api#azure_blobstore
Microsoft Azure Activity | AZURE_ACTIVITY  | Cloud Log Stream - JSON             | CyberHub               |

Device Configuration

Prerequisites:

  • An Azure subscription that you can sign in to.

  • A user who is a Global Administrator.

  • An Azure Storage Account to store the logs, or an Event Hub to stream them.

Note that, in Microsoft's architecture, pulling data from an Event Hub still requires a storage account (Storage Account Name, Blob Container, and an Account Key or SAS token), because the Event Hub read marker (the consumer checkpoint recording how far the stream has been read) is stored in that storage account. An Event Hub source therefore needs both sets of credentials, not just the Event Hub connection string.

Reference URLs

...

Integration Parameters

Via Azure C2C - Storage:

Property                 | Parameter Display Name | Default Value | Description
-------------------------|------------------------|---------------|------------
Logging Source           | AZURE URI              | N/A           | Select Storage
eventHubConnectionString |                        | N/A           | N/A (keep blank)
consumerGroupName        |                        | N/A           | N/A (keep blank)
Account Key              |                        | Custom value  | Access key used to read the storage account
Blob Container           |                        | N/A           | Storage blob container name, e.g. insights-activity-logs
Storage Account Name     |                        | Custom value  | Azure storage account name
Subscription             |                        | N/A           | ID of the subscription to be monitored
initialReadPolicy        |                        | N/A           | Select Beginning to read the existing logs from the beginning of the container, or End to read only logs that arrive after the feed starts

...

The URI pointing to an Azure Blob Storage blob or container. For activity logs exported by a diagnostic setting the container is named insights-activity-logs.

Parameter               | Default Value                          | Description
------------------------|----------------------------------------|------------
URI IS A                | Directory which includes subdirectories | The type of object indicated by the URI. Valid values: FILES (the URI points to a single blob that is ingested on each execution of the feed); FOLDERS_RECURSIVE (the URI points to a Blob Storage container and all blobs under it are ingested)
SOURCE DELETION OPTION  | Never delete files                     | Source file deletion is not supported in Azure. This field's value must be set to SOURCE_DELETION_NEVER
Shared Key OR SAS Token |                                        | A shared key (a 512-bit random string in base64 encoding) authorized to access Azure Blob Storage, required if no SAS token is given; or a Shared Access Signature authorized to access the Azure Blob Storage container
ASSET NAMESPACE         |                                        | To assign an asset namespace to all events ingested from a particular feed, set the "namespace" field within details. The namespace field is a string
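Before pointing a FOLDERS_RECURSIVE feed at the container, it is worth checking what such a feed would actually see: which hour files belong to the monitored Subscription, what Beginning versus End does to the backlog, and whether the PT1H.json bodies parse. The script below is an added example, not part of this page or of Chronicle's feed code. It assumes the export uses Microsoft's documented layout inside insights-activity-logs (resourceId=/SUBSCRIPTIONS/<SUB_ID>/y=YYYY/m=MM/d=DD/h=HH/m=00/PT1H.json), that each PT1H.json is either a {"records": [...]} document or one JSON object per line, and it interprets initialReadPolicy End as "skip hour files older than the current hour". The container listing, the events and the HIGH_RISK_OPERATIONS list are constructed for the example.

```python
"""Walk an Azure Activity log export the way a FOLDERS_RECURSIVE blob feed would.

Added example, not part of this page or of Chronicle's own feed code. Assumed:
  * the diagnostic-setting export uses Microsoft's documented layout inside the
    insights-activity-logs container:
      resourceId=/SUBSCRIPTIONS/<SUB_ID>/y=YYYY/m=MM/d=DD/h=HH/m=00/PT1H.json
  * a PT1H.json is either a {"records": [...]} document or one JSON object per line
  * initialReadPolicy "End" means: ignore hour files older than the current hour
All blob names and events below are constructed sample data.
"""
import json
import re
from datetime import datetime, timezone

BLOB_PATH = re.compile(
    r"^resourceId=/SUBSCRIPTIONS/(?P<sub>[0-9A-Fa-f-]+)"
    r"/y=(?P<y>\d{4})/m=(?P<mo>\d{2})/d=(?P<d>\d{2})"
    r"/h=(?P<h>\d{2})/m=(?P<mi>\d{2})/PT1H\.json$"
)

# Operations worth a second look in an Activity log; this list is an example choice.
HIGH_RISK_OPERATIONS = {
    "MICROSOFT.AUTHORIZATION/ROLEASSIGNMENTS/WRITE",      # new RBAC grant
    "MICROSOFT.STORAGE/STORAGEACCOUNTS/LISTKEYS/ACTION",  # someone read account keys
}

SAMPLE_SUBSCRIPTION = "00000000-0000-0000-0000-000000000000"   # constructed
SAMPLE_NOW = datetime(2024, 5, 10, 8, 30, tzinfo=timezone.utc)  # constructed clock
SAMPLE_LISTING = [  # constructed container listing, not a real account
    f"resourceId=/SUBSCRIPTIONS/{SAMPLE_SUBSCRIPTION}/y=2024/m=05/d=10/h=07/m=00/PT1H.json",
    f"resourceId=/SUBSCRIPTIONS/{SAMPLE_SUBSCRIPTION}/y=2024/m=05/d=10/h=08/m=00/PT1H.json",
    "resourceId=/SUBSCRIPTIONS/11111111-1111-1111-1111-111111111111/y=2024/m=05/d=10/h=08/m=00/PT1H.json",
    f"resourceId=/SUBSCRIPTIONS/{SAMPLE_SUBSCRIPTION}/y=2024/m=05/d=10/h=08/m=00/notes.txt",
]
SAMPLE_RECORDS = [  # constructed events in the Activity log export shape
    {"time": "2024-05-10T08:02:11Z", "category": "Administrative",
     "operationName": "MICROSOFT.AUTHORIZATION/ROLEASSIGNMENTS/WRITE",
     "resultType": "Success", "callerIpAddress": "203.0.113.7"},
    {"time": "2024-05-10T08:05:40Z", "category": "Administrative",
     "operationName": "MICROSOFT.COMPUTE/VIRTUALMACHINES/START/ACTION",
     "resultType": "Success", "callerIpAddress": "203.0.113.7"},
    {"time": "2024-05-10T08:09:03Z", "category": "Administrative",
     "operationName": "MICROSOFT.STORAGE/STORAGEACCOUNTS/LISTKEYS/ACTION",
     "resultType": "Success", "callerIpAddress": "198.51.100.9"},
    {"time": "2024-05-10T08:12:27Z", "category": "Administrative",
     "operationName": "MICROSOFT.AUTHORIZATION/ROLEASSIGNMENTS/WRITE",
     "resultType": "Failure", "callerIpAddress": "198.51.100.9"},
]
SAMPLE_BLOB = json.dumps({"records": SAMPLE_RECORDS})                  # document form
SAMPLE_BLOB_LINES = "\n".join(json.dumps(r) for r in SAMPLE_RECORDS)  # JSON-per-line form


def parse_blob_path(path):
    """Return (subscription_id, hour_start_utc) for an hour file, else None."""
    m = BLOB_PATH.match(path)
    if m is None:
        return None
    hour = datetime(int(m["y"]), int(m["mo"]), int(m["d"]),
                    int(m["h"]), int(m["mi"]), tzinfo=timezone.utc)
    return m["sub"].lower(), hour


def select_blobs(listing, subscription_id, initial_read_policy, now):
    """Pick the hour files a FOLDERS_RECURSIVE feed should read, oldest first."""
    if initial_read_policy not in ("Beginning", "End"):
        raise ValueError("initialReadPolicy must be Beginning or End")
    current_hour = now.astimezone(timezone.utc).replace(minute=0, second=0, microsecond=0)
    chosen = []
    for path in listing:
        parsed = parse_blob_path(path)
        if parsed is None:
            continue                      # not an hour file: skip it, do not fail
        sub, hour = parsed
        if sub != subscription_id.lower():
            continue                      # another subscription sharing the container
        if initial_read_policy == "End" and hour < current_hour:
            continue                      # End: no backfill of older hour files
        chosen.append((hour, path))
    return [path for _, path in sorted(chosen)]


def load_records(blob_text):
    """Parse one PT1H.json body in either of the two shapes named above."""
    text = blob_text.strip()
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:          # several objects: treat as JSON-per-line
        return [json.loads(line) for line in text.splitlines() if line.strip()]
    if isinstance(doc, dict) and isinstance(doc.get("records"), list):
        return doc["records"]
    return [doc]


def flag_high_risk(records):
    """Return successful events whose operation is in HIGH_RISK_OPERATIONS."""
    return [r for r in records
            if r.get("operationName", "").upper() in HIGH_RISK_OPERATIONS
            and r.get("resultType") == "Success"]


if __name__ == "__main__":
    for policy in ("Beginning", "End"):
        print(policy, "->", select_blobs(SAMPLE_LISTING, SAMPLE_SUBSCRIPTION, policy, SAMPLE_NOW))
    for event in flag_high_risk(load_records(SAMPLE_BLOB)):
        print(event["time"], event["operationName"], event["callerIpAddress"])
```

With the constructed listing, Beginning returns both hour files for the monitored subscription while End returns only the 08:00 file; the other subscription's file and the stray notes.txt are skipped rather than breaking the run. The LISTKEYS hit is the one to watch when the feed itself authenticates with an account key: a successful listKeys call against the logging storage account exposes the same credential the feed uses, which is one argument for the read-only SAS token option in the table above.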

Via Azure EventHub [CyberHub]:

Property                 | Default Value | Description
-------------------------|---------------|------------
Logging Source           | N/A           | Select EventHub
eventHubConnectionString | N/A           | Event Hub connection string
consumerGroupName        | N/A           | Optional; set only if the consumer group is not the default one ($Default)
Account Key              | Custom value  | Access key for the storage account that holds the Event Hub read marker (see Prerequisites)
Blob Container           | N/A           | Storage blob container name
Storage Account Name     | Custom value  | Azure storage account name
Subscription             | N/A           | Set to the Event Hub name
initialReadPolicy        | N/A           | N/A (keep the default selection)

...