Microsoft Azure Kubernetes Service

Owned by Aparna Rr
Last updated: Aug 19, 2024
2 min read

About the Device

Azure Kubernetes Service (AKS) is a managed Kubernetes service that you can use to deploy and manage containerized applications. You need minimal container orchestration expertise to use AKS. AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure. AKS is an ideal platform for deploying and managing containerized applications that require high availability, scalability, and portability, and for deploying applications to multiple regions, using open-source tools, and integrating with existing DevOps tools. 

Device Information

 Entity

Particulars

 Entity

Particulars

Vendor Name

Microsoft

Product Name

Azure Kubernetes Service

Type of Device

Cloud

Collection Method

 

Log Type

 Ingestion label

Preferred Logging Protocol - Format

Log collection method

Data Source

 

Log Type

 Ingestion label

Preferred Logging Protocol - Format

Log collection method

Data Source

 Kubernetes Audit Azure

 KUBERNETES_AUDIT_AZURE

Cloud Storage - JSON

 C2C - Storage

https://cloud.google.com/chronicle/docs/reference/feed-management-api#azure_blobstore

 

Device Configuration

Prerequisites

  • An Azure subscription that you can sign in to.

  • An Azure Kubernetes Service environment in Azure

  • A user who's a Global Administrator or Azure Kubernetes Service Administrator.

  • Azure Storage Account to store the logs.

Reference URLs

Configurations Steps

  1. In the Azure portal, select your Kubernetes Services from the menu.

  2. Select Cluster for which you want to enable logging.

p1.png

  1. In Monitoring, select Diagnostic settings.

  1. Click Add diagnostic setting and select all the categories under Logs.

  2. Select Archive to storage account in Destination details to store logs to storage account.

  1. Once you select Archive to storage account, you need to choose an existing Subscription and Storage account.

  2. Click Save.

How you can get credentials of Azure Storage:

Integration Parameters

Parameter Display Name

Default Value

Description

Parameter Display Name

Default Value

Description

AZURE URI

N/A

The URI pointing to a Azure Blob Storage blob or container. Container names are insights-logs-signinlogs , insights-logs-auditlogs & RiskyUsers

URI IS A

Directory which includes subdirectories

The type of object indicated by the URI. Valid values are:

  • FILES: The URI points to a single blob that will be ingested with each execution of the feed.

  • FOLDERS_RECURSIVE: The URI points to a Blob Storage container.

SOURCE DELETION OPTION

Never delete files

Source file deletion is not supported in Azure. This field's value must be set to SOURCE_DELETION_NEVER.

Shared Key OR SAS Token

 

A shared key, a 512-bit random string in base64 encoding, authorized to access Azure Blob Storage. Required if not specifying an SAS Token.
OR
A Shared Access Signature authorized to access the Azure Blob Storage container.

ASSET NAMESPACE

 

To assign an asset namespace to all events that are ingested from a particular feed, set the "namespace" field within details. The namespace field is a string.

About Accenture:
Accenture is a leading global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are a talent and innovation led company with 738,000 people serving clients in more than 120 countries. Technology is at the core of change today, and we are one of the world’s leaders in helping drive that change, with strong ecosystem relationships. We combine our strength in technology with unmatched industry experience, functional expertise and global delivery capability. We are uniquely able to deliver tangible outcomes because of our broad range of services, solutions and assets across Strategy & Consulting, Technology, Operations, Industry X and Accenture Song. These capabilities, together with our culture of shared success and commitment to creating 360° value, enable us to help our clients succeed and build trusted, lasting relationships. We measure our success by the 360° value we create for our clients, each other, our shareholders, partners and communities. Visit us at www.accenture.com.

About Accenture Security
Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.

Legal notice: Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. This document is intended for general informational purposes only and does not take into account the reader’s specific circumstances, and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this presentation and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals.