...

| Log Type | Ingestion label | Preferred Logging Protocol - Format | Log collection method | Data Source |
|---|---|---|---|---|
| Azure Key Vault logging | AZURE_KEYVAULT_AUDIT | Cloud Storage - JSON | CyberHubC2C-Storage | https://cloud.google.com/chronicle/docs/reference/feed-management-api#azure_blobstore |
| Azure Key Vault logging | AZURE_KEYVAULT_AUDIT | Cloud Log Stream - JSON | CyberHub | |

Device Configuration

Prerequisites

  • An Azure Key Vault environment (tenant) in Azure.

  • A user who is a Global Administrator or Key Vault Administrator.

  • An Azure Storage Account to store the logs, or an Event Hub to stream the logs.

As per Microsoft's architecture, pulling data from an Event Hub also requires a Storage Account Key or SAS Token, a Blob Container, and a Storage Account Name, because the read marker (checkpoint) for the Event Hub is stored in the storage account.

Reference URLs:

How to create a storage account: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal

...

Parameters required from the customer for the integration.

Via Azure EventHubC2C-Storage:

| Property | Default Value | Description |
|---|---|---|
| Logging Source | AZURE URI / N/A | Select Storage |
| eventHubConnectionString | N/A | Event Hub connection string |
| consumerGroupName | N/A | Optional; used if the consumer group is other than the default |
| Account Key | Custom Value | Access key used to access the storage account |
| Blob Container | N/A | Storage blob container name |
| Storage Account Name | Custom Value | Azure storage account name |
| Subscription | N/A | Set the Event Hub name |
| initialReadPolicy | N/A | N/A (keep the default selection) |

...

| Property | Default Value | Description |
|---|---|---|
| AZURE URI | | The URI pointing to an Azure Blob Storage blob or container. The container name is insights-logs-auditevent. |
| URI IS A | Directory which includes subdirectories | The type of object indicated by the URI. Valid values are: FILES (the URI points to a single blob that is ingested with each execution of the feed); FOLDERS_RECURSIVE (the URI points to a Blob Storage container). |
| SOURCE DELETION OPTION | Never delete files | Source file deletion is not supported in Azure. This field's value must be set to SOURCE_DELETION_NEVER. |
| Shared Key OR SAS Token | | A shared key (a 512-bit random string in base64 encoding) authorized to access Azure Blob Storage, required if no SAS Token is specified; or a Shared Access Signature authorized to access the Azure Blob Storage container. |
| ASSET NAMESPACE | | To assign an asset namespace to all events ingested from a particular feed, set the "namespace" field within details. The namespace field is a string. |

Via Azure EventHub [CyberHub]

| Property | Default Value | Description |
|---|---|---|
| Logging Source | N/A | Select EventHub |
| eventHubConnectionString | N/A / N/A (keep blank) | Event Hub connection string |
| consumerGroupName | N/A / N/A (keep blank) | Optional; used if the consumer group is other than the default |
| Account Key | Custom Value | Access key used to access the storage account |
| Blob Container | N/A | Storage blob container name, e.g. insights-activity-logs |
| Storage Account Name | Custom Value | Azure storage account name |
| Subscription | N/A | Subscription ID that the customer wants to be monitored / Set the Event Hub name |
| initialReadPolicy | N/A / Select Beginning to start reading from the beginning, or End to start reading logs from the end | N/A (keep the default selection) |
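As an added example (not part of this page or of the Chronicle product), a small Python checker that validates the customer-supplied parameters from the two tables above before they are entered into a feed: it parses the Event Hub connection string, checks the storage account and blob container names against Azure's naming rules, confirms the shared key decodes to the 512 bits the Shared Key field requires, and returns secrets only in redacted form so the result can be logged safely. The parameter names, regexes and sample values are assumptions constructed for the example.

```python
import base64
import binascii
import re

# Azure naming rules for the two storage fields (assumed from Azure documentation).
ACCOUNT_RE = re.compile(r"[a-z0-9]{3,24}")
CONTAINER_RE = re.compile(r"[a-z0-9](?:[a-z0-9]|-(?=[a-z0-9])){2,62}")

def parse_eventhub_connection_string(conn: str) -> dict:
    """Split 'Key=Value;...' and require the parts an Event Hub consumer needs."""
    parts = {}
    for item in filter(None, conn.strip().split(";")):
        key, sep, value = item.partition("=")  # split on the first '=' only
        if not sep:
            raise ValueError(f"malformed segment: {item!r}")
        parts[key.strip()] = value.strip()
    for required in ("Endpoint", "SharedAccessKeyName", "SharedAccessKey"):
        if not parts.get(required):
            raise ValueError(f"connection string is missing {required}")
    return parts  # EntityPath (the hub name) is optional in namespace-level strings

def validate_shared_key(key: str) -> bool:
    """Shared Key field: base64 of 512 random bits, i.e. exactly 64 decoded bytes."""
    try:
        return len(base64.b64decode(key, validate=True)) == 64
    except binascii.Error:
        return False

def redact(secret: str, keep: int = 4) -> str:  # keep a short prefix only, for logging
    return secret[:keep] + "..." if len(secret) > keep else "..."

def check_feed_parameters(params: dict) -> dict:
    """One finding per feed parameter; secrets come back only in redacted form."""
    hub = parse_eventhub_connection_string(params["eventHubConnectionString"])
    return {
        "entity_path": hub.get("EntityPath"),
        "account_name_ok": bool(ACCOUNT_RE.fullmatch(params["storageAccountName"])),
        "container_ok": bool(CONTAINER_RE.fullmatch(params["blobContainer"])),
        "shared_key_ok": validate_shared_key(params["accountKey"]),
        "account_key": redact(params["accountKey"]),
    }

# Constructed sample input (not real credentials); the parameter names are hypothetical.
SAMPLE_PARAMS = {
    "eventHubConnectionString": "Endpoint=sb://example-ns.servicebus.windows.net/;"
    "SharedAccessKeyName=listen-only;SharedAccessKey=c2FtcGxlLWtleS1ub3QtcmVhbA==;EntityPath=keyvault-audit",
    "storageAccountName": "kvauditlogs01",
    "blobContainer": "insights-logs-auditevent",
    "accountKey": base64.b64encode(bytes(range(64))).decode(),
}
```

Calling `check_feed_parameters(SAMPLE_PARAMS)` reports every check as passing for the sample; a key of the wrong length, an upper-case container name, or a connection string without SharedAccessKey is flagged before the feed is created.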