This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 14th: Gemini's generative AI within Google SecOps
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

Ingest Azure Activity Logs

Posted on 04-15-2024 07:39 AM
Mireia
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Good afternoon!

 

I want to ingest Azure Activity Logs into our Chronicle instance. For that, I have found the following guide: Ingest Azure Activity Logs  |  Chronicle  |  Google Cloud

This guide explains how to obtain those logs but using 'shared key'. It worked fine for me too...but instead of doing it this way, I would like to do it using 'SAS token'.

I do not know the correct way to fill in the feed fields.

Mireia_0-1713191662564.png

I have tried many ways (with simple URI, SAS URL...) but I have not been able to connect it correctly.

Has anyone been able to do this using 'SAS token'? If so, how have you filled in the feed fields?

 

Thanks!

1 2 476
Topic Labels
2 REPLIES 2
Top Solution Authors
View all