Get Credentials of Azure Storage and Azure EventHub

Owned by Aparna Rr
Last updated: Apr 16, 2024
4 min read

To get credentials from Azure Storage

In case of Azure Storage, we can pull logs using Azure URI & Access Key OR using Azure URI & SAS token.

  1. To get Azure URI and Access Key

    1. Log in to Azure Portal i.e., https://portal.azure.com/

    2. Select All services. 

    3. Click Storage Account.

d. Select the Storage Account from which the logs needs to be pulled.

Screenshot 2024-03-26 at 10.10.18.png

e. Once you selected Storage Account, click Containers.

f. In Containers, select the container where you are storing your logs.

g. Once you selected the container, click Properties. You will get an URI here. Copy this URI to pull the logs.

h. Once you selected Storage Account, inside that click Access Keys and copy Access Key to pull the logs.

  1. To get Azure Storage SAS Token

a. Login to MS Azure portal i.e., https://portal.azure.com/

b. Navigate to the storage account 

c. Click Shared access signature 

d. Grant following minimum required permission to SAS Token

i. Allowed Services: Blob

ii. Allowed Resources Type: Container and Object

iii. Allowed Permission: Read and List

iv. Allowed Protocols: HTTPS only

v. Preferred routing tier:  Basic (default)

Start and expiry date/time indicates life cycle of the token (Valid from Start and expires on End date), keep life cycle of token long enough which does not stop log collection frequently, because of the invalid token. 

e. Select the pre-generated Signing key.

f. Click Generate SAS and connection string

g. Copy Generated SAS token and provide to the Adaptive MxDR Service Delivery Lead to configure on Chronicle.

To get credentials from Azure EventHub

  1. Log In to Azure Portal i.e., https://portal.azure.com/

  2. Select All services. 

  3. Select Event Hubs in the Analytics.

  4. From the list of event hubs, select your Event Hub Namespace.

  5. Select Event Hubs Instance (to which events are being forwarded) from the Name, down on the Event Hub Namespace page.

 

  1. In Event Hubs Instance, select Shared Access Policies.

  2. Select a shared access policy in the list of policies. Add a policy with listen permission and use that policy to pull the logs.

  1. Click copy next to the Connection string-primary key field.

For configuring EventHub, storage Account Key/SAS Token, Blob Container, and Storage Account Name are required because the marker for the event hub gets stored in the storage account.

Create a blob container (in case the container is not available to store the event hub marker), follow the below steps:

To create a container in the Azure portal, follow these steps

  1. Navigate to your new storage account in the Azure portal.

  2. In Data storage, click Containers.

  3. Select the + Container.

  4. Type a name for your new container. The container name must be lowercase, must start with a letter or number, and can include only letters, numbers, and the dash (-) character. For more information about container and blob names, see Naming and referencing containers, blobs, and metadata.

  5. The default level is Private (no anonymous access).

  6. Click Create to create the container.

 

About Accenture:
Accenture is a leading global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are a talent and innovation led company with 738,000 people serving clients in more than 120 countries. Technology is at the core of change today, and we are one of the world’s leaders in helping drive that change, with strong ecosystem relationships. We combine our strength in technology with unmatched industry experience, functional expertise and global delivery capability. We are uniquely able to deliver tangible outcomes because of our broad range of services, solutions and assets across Strategy & Consulting, Technology, Operations, Industry X and Accenture Song. These capabilities, together with our culture of shared success and commitment to creating 360° value, enable us to help our clients succeed and build trusted, lasting relationships. We measure our success by the 360° value we create for our clients, each other, our shareholders, partners and communities. Visit us at www.accenture.com.

About Accenture Security
Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.

Legal notice: Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. This document is intended for general informational purposes only and does not take into account the reader’s specific circumstances, and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this presentation and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals.