Configure a Storage Account
Complete the following steps to configure a Storage account:
- In the Azure console, search for Storage accounts.
- Click Create.
- Select the Subscription, Resource Group, Region, Performance (Standard is recommended), and Redundancy (GRS or LRS is recommended) needed for the account, and enter a name for the new storage account.
- Click Review + Create, review the overview of the account, and click Create.
- Go to Storage accounts on the home page.
- Click the account you just created.
- Go to Endpoints and copy the Blob service URL.
- Go to Access keys and copy either of the keys.
Configure a feed in Chronicle
Complete the following steps to configure a feed in Chronicle to ingest the Azure logs:
- Go to Chronicle settings and click Feeds.
- Click Add New.
- Select Microsoft Azure Blob Storage for Source Type.
- Select Azure Firewall for Log Type.
- Click Next.
- Under Azure URI, enter the Blob Service endpoint value you recorded earlier.
- Under URI Source Type, select Never delete Files.
- Under Shared key, enter the shared key value you captured earlier.
- Enter a Namespace.
- Click Next and Submit.
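
The two values copied from the storage account (the Blob service URL and an access key) are the ones entered under Azure URI and Shared key, and a mis-pasted value is a common reason a feed fails to authenticate. The following pre-flight check is an added example, not part of the original procedure or of Chronicle or Azure tooling; the function name and sample values are hypothetical, and it assumes the public Azure cloud endpoint suffix.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit

# Assumption: public Azure cloud; sovereign clouds use a different suffix.
BLOB_SUFFIX = ".blob.core.windows.net"
ACCOUNT_RE = re.compile(r"[a-z0-9]{3,24}")  # Azure storage account naming rule


def check_feed_inputs(azure_uri, shared_key):
    """Return a list of problems; an empty list means both values look sane."""
    problems = []
    uri = azure_uri.strip()
    parts = urlsplit(uri)
    host = (parts.hostname or "").lower()
    if uri != azure_uri:
        problems.append("URI has leading/trailing whitespace")
    if parts.scheme != "https":
        problems.append("URI must use https")
    if not host.endswith(BLOB_SUFFIX):
        problems.append("host is not a blob service endpoint")
    elif not ACCOUNT_RE.fullmatch(host[: -len(BLOB_SUFFIX)]):
        problems.append("account name is not 3-24 lowercase letters/digits")
    if parts.query or parts.fragment:
        problems.append("URI carries a query string or fragment (SAS token pasted?)")

    key = shared_key.strip()
    if key != shared_key:
        problems.append("key has leading/trailing whitespace")
    if key.startswith("DefaultEndpointsProtocol="):
        problems.append("connection string pasted instead of the key")
    else:
        try:
            raw = base64.b64decode(key, validate=True)
        except (binascii.Error, ValueError):
            problems.append("key is not valid base64")
        else:
            if len(raw) != 64:  # account keys are 512-bit values
                problems.append("key does not decode to 64 bytes")
    return problems


# Constructed sample values (not real credentials).
SAMPLE_URI = "https://examplelogs01.blob.core.windows.net/"
SAMPLE_KEY = base64.b64encode(bytes(range(64))).decode()

if __name__ == "__main__":
    print(check_feed_inputs(SAMPLE_URI, SAMPLE_KEY) or "ok")
```

An access key grants full access to the storage account, so run the check locally and keep the key out of shell history, tickets, and chat.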