Create a Post
Ken1
Explorer

Onboarding Azure logs to intelligence

Jump to solution

Hi,

I'm trying to onboarding Azure audit logs and flow logs to intelligence. I found documentation of `Onboarding Azure Subscriptions to Intelligence`, but there is no configuration of the Azure side.
How to prepare storage account of Azure for audit logs and flow logs?

 

0 Kudos
1 Solution

Accepted Solutions
Nir_Shamir
Employee
Employee

Yes , you need to create Storage account for User activity and for Flow Logs you just choose the NSGs :

User Activity logs

  • Need to create a storage account and archive audit and sign-ins to it:

Tutorial: Archive Azure AD logs to an Azure storage account

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/quickstart-azure-monitor-...

View solution in original post

0 Kudos
3 Replies
Nir_Shamir
Employee
Employee

Hi,

When you start the process in the CSPM portal it gives you instructions on what to configure on your Azure Portal for this onboarding to work.

it's pretty straight forward and easy.

0 Kudos
Ken1
Explorer

Isn't it necessary to create a storage account on the Azure side beforehand? Even if I follow the instructions, the storage account does not appear.

コメント 2021-09-30 171621.png

0 Kudos
Nir_Shamir
Employee
Employee

Yes , you need to create Storage account for User activity and for Flow Logs you just choose the NSGs :

User Activity logs

  • Need to create a storage account and archive audit and sign-ins to it:

Tutorial: Archive Azure AD logs to an Azure storage account

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/quickstart-azure-monitor-...

View solution in original post

0 Kudos