Accenture MDR Quick Start Guide to Get Credentials for Azure Storage and Azure Event HUB

Owned by KM (Unlicensed)
Last updated: Aug 05, 2022 by KS
4 min read

This quick start guide will help Accenture MDR customers obtain credentials for Azure Storage and Azure Event Hub from the below supported options.

The document includes the following topics:

Steps to get credentials from Azure Storage

In case of Azure Storage, we can pull logs using Account Name and Key or using SAS token.

a. How to get Azure Storage Account Key and Account Name?

  1. Log In to Azure Portal i.e https://portal.azure.com/

2. Select All services on the left navigational menu.

3. Search for Storage Account.

4. Select the Storage Account from which the logs needs to be pulled and then select Access Key.

5. Copy the Storage account name and Key to pull the logs.

b. How to get Azure Storage SAS Token?

  1. Login to MS Azure portal i.e https://portal.azure.com/

2. Navigate to the storage account 

3. Click Shared access signature 

4. Grant following minimum required permission to SAS Token

  • Allowed Services: Blob

  • Allowed Resources Type: Container and Object

  • Allowed Permission: Read and List

  • Allowed Protocols: HTTPS only

  • Preferred routing tier:  Basic (default)

  • Note: Start and expiry date/time indicates life cycle of the token(Valid from Start and Expires on End), keep life cycle of token long enough which does not stop log collection frequently, because of the invalid token. 

5. Select the pre-generated Signing key from the drop-down.

6. Click Generate SAS and connection string

7. Copy Generated SAS token and provide to the MDR Team to configure on LCP UI.

Steps to get connection string to pull the logs from Event HUB

1. Log In to Azure Portal i.e https://portal.azure.com/
2. Select All services on the left navigational menu.
3. Select Event Hubs in the Analytics section.
4. From the list of event hubs, select your Event Hub Namespace.
5. Select Event Hubs Instance (to which events are being forwarded) from the Name, down on the Event Hub Namespace page.

6. On theEvent Hubs Instance page, select Shared Access Policies on the left menu.

7. Select a shared access policy in the list of policies. Add a policy with listen permission, and use that policy to pull the logs.

  8. Select the copy button next to the Connection string-primary key field.

Note: For configuring EventHub, storage Account Key/SAS Token, Blob Container, and Storage Account Name are required because the marker for the event hub gets stored in the storage account.

Below are the steps to create a blob container (in case the container is not available to store the event hub marker) :

Create a container

To create a container in the Azure portal, follow these steps:

  1. Navigate to your new storage account in the Azure portal.

  2. In the left menu for the storage account, scroll to the Data storage section, then select Containers.

  3. Select the + Container button.

  4. Type a name for your new container. The container name must be lowercase, must start with a letter or number, and can include only letters, numbers, and the dash (-) character. For more information about container and blob names, see Naming and referencing containers, blobs, and metadata.

  5. The default level is Private (no anonymous access).

  6. Select Create to create the container.

Note: to configure storage Account Key/SAS Token for blob container follow above steps mention in, Steps to get credentials from Azure Storage

 

Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.