Configure - Azure Monitor

This guide shows you how to integrate Azure Monitor logs into the Secure60 platform.

Overview

In this guide, you’ll learn how to export logs from Azure to integrate them into the Secure60 platform.

Prerequisites

Setup Log Export in Azure

  1. Create an Event Hub using the Azure portal. Refer to the Microsoft guide for instructions.
  2. Create an Azure Storage account. Follow the Microsoft guide for details.
  3. Search for “Sign-in events” in the Azure portal, then click on Export Data Settings and add a new diagnostic setting.
  4. Wait for the Event Hubs entity to be auto-generated.

Setup Filebeat

Configure Filebeat with the following settings:

filebeat.inputs:
- type: azure-eventhub
  eventhub: "<entity-event-hubs>"
  consumer_group: "$Default"
  connection_string: "<connection_string>"
  storage_account: "<storage_account>"
  storage_account_key: "<storage_account_key>"
  storage_account_container: "<entity-event-hubs>"

output.logstash:
  hosts: ["127.0.0.1:5044"]

Note: If multiple Event Hub entities are created, you must configure a separate "- type: azure-eventhub" input section for each one.
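
The following is an added example, not part of the original guide: a Filebeat configuration for two Event Hub entities, as the note above requires, with the connection string and storage account key read from the Filebeat keystore instead of stored in plaintext in the configuration file. The entity placeholders and the keystore key names AZURE_EVENTHUB_CONNECTION_STRING and AZURE_STORAGE_ACCOUNT_KEY are assumptions, as is the use of one connection string for both entities (same Event Hubs namespace).

```yaml
# Store the secrets once on the Filebeat host (each "add" prompts for the value):
#   filebeat keystore create
#   filebeat keystore add AZURE_EVENTHUB_CONNECTION_STRING
#   filebeat keystore add AZURE_STORAGE_ACCOUNT_KEY
# Filebeat resolves ${NAME} references from the keystore when it loads this file.

filebeat.inputs:
# First auto-generated Event Hub entity (placeholder name)
- type: azure-eventhub
  eventhub: "<entity-event-hubs-1>"
  consumer_group: "$Default"
  connection_string: "${AZURE_EVENTHUB_CONNECTION_STRING}"
  storage_account: "<storage_account>"
  storage_account_key: "${AZURE_STORAGE_ACCOUNT_KEY}"
  # One container per entity, so each input keeps its own checkpoint state
  storage_account_container: "<entity-event-hubs-1>"

# Second auto-generated Event Hub entity (placeholder name)
- type: azure-eventhub
  eventhub: "<entity-event-hubs-2>"
  consumer_group: "$Default"
  connection_string: "${AZURE_EVENTHUB_CONNECTION_STRING}"
  storage_account: "<storage_account>"
  storage_account_key: "${AZURE_STORAGE_ACCOUNT_KEY}"
  storage_account_container: "<entity-event-hubs-2>"

output.logstash:
  hosts: ["127.0.0.1:5044"]
```

With the secrets in the keystore, the configuration file can be kept in version control or shared for troubleshooting without exposing the Event Hub connection string or the storage account key.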

Setup Secure60 Collector

Enable Azure integration in the Secure60 Collector by setting the following in the environment file:

ENABLE_AZURE=true

Logs will be viewable in the Secure60 portal.
