Zeron could be integrated with Microsoft Azure via the following methods:
- Azure Graph Log API - To monitor Azure Active Directory.
- Azure Log Analytics - To monitor Azure Platform and Services.
- Azure Storage - To monitor Azure Platform and Services.
Requirement for Log Analytics:
- Application ID
- Application Key
- Subscription ID
Requirement for Graph API:
- Application ID
- Application Key
- Tenant Domain
Requirement for Azure Storage:
- Container Name
- Account Name
- Account Key
Configuring Azure credentials
It is necessary to provide access credentials to the Zensor Azure module so it can successfully connect to Azure. The credentials required vary depending on the type of monitoring. Getting access credentials for Microsoft Graph and Log Analytics
For Microsoft Graph and Log Analytics valid application_id and application_key values are required. The necessary application_key value for a given App Registration in Azure Active Directory can be obtained from the Certificates & secrets section while the application_id can be obtained from the Overview section:
Click New Client Secret
Save the credentials (application ID and application key values) and send them to Zeron Team.
Getting access credentials for Storage
Azure Storage requires valid account_name and account_key values. They can be obtained in the Access keys section of Storage accounts:
ave the credentials (account_name , account_key and application ID and application key values) and send them to Zeron Team. Tenantdomain is required
Azure Storage Configuration
Azure Storage refers to the Microsoft Azure cloud storage solution, a service that provides a massively scalable object store for data objects, a messaging store for reliable messaging, a file system service for the cloud, and a NoSQL store. | As an alternative to the Azure Log Analytics REST API, Zeron offers the possibility to access Azure Storage accounts in a simple way. The activity logs of the Microsoft Azure infrastructure can be exported to the storage accounts. | This section explains how to use the Azure portal to archive the Azure activity log in a storage account and how to configure the azure-logs module. A use case is included to show a practical example.
Configuring the Activity log export
1. Audit logs
To export the logs, search for the Activity log service. It can be found by typing “Activity” in the search engine. From there, access the Audit Logs section and click on Export Data Settings.
2. Click on Add diagnostic setting.
3. diagonastics Logs:
Check the AuditLogs box and the Archive to storage account, selecting the name of the subscription and the Storage account to export the logs.
Azure Log Analytics
Azure Log Analytics is a service that monitors your infrastructure offering query capabilities that allow you to perform advanced searches specific to your data. The Log Analytics solution helps you to analyse and search the Azure activity log in all your Azure subscriptions, providing information about the operations performed with the resources of your subscriptions. The data collected by Log Analytics can be consulted through the Azure Log Analytics REST API. The Azure Log Analytics API uses the Azure Active Directory authentication scheme. A qualified application or client is required to use the Azure Log Analytics REST API. This must be configured manually on the Microsoft Azure portal.
Setting up the application
The process explained below details the creation of an application that will use the Azure Log Analytics REST API. It is also possible to configure an existing application. If this is the case, skip the Creating the application step.
Creating the application
In the Azure Active Directory panel, select the option App registrations. Then, select New registration.
Giving permissions to the application
1. Application (client) ID
Go to the Overview section and save the Application (client) ID for later authentication.
2. API Permission
Go to the API permissions section and add the required permissions to the application.
3. Log Analytics API
Search for the Log Analytics API.
4. Add Permission
Select the Read Log Analytics data permission from Applications permissions.
5. Grant admin consent
Grant admin consent for the tenant domain used for the permission added in the previous step. This must be done by an admin user.
Obtaining the application key for authentication
Select Certificates & secrets and fill in the Description and Expires fields. Copy the value once the key is saved. This is required to authenticate the application in order to use the Log Analytics API. | You can view previous topic configuring azure credentials
Giving our application access to the Log Analytics API
1. create a new workspace
Access Log Analytics workspaces and create a new workspace or choose an existing one. Then, copy the Workspace Id value from the Overview section. This will be used in the Zeron configuration to allow making requests to the API.
2. Add IAM Role
Add the required role to the application in the Access control (IAM) section by clicking the Add and selecting add role assignment.
3. Add Role assignment
Fill in the required fields and click save. It is important to choose the User, group, or service principal option in the drop-down menu and to type the full application name in the Select field.