This topic describes the steps to configure Microsoft Cloud App Security logs.
Prerequisites
- Administrator login credentials.
Configuring Microsoft Cloud App Security logs
1. Sign in to the Microsoft Cloud App Security portal.
2. In the Settings menu, navigate to Security extensions.
3. Under Security extensions > API tokens, select the + button in the top right to generate a new token.
4. Enter a name for the new token and select the Generate button. Copy both the token and the URL, and then close the window.
Note: Save your token when you copy it, as it will not be regenerated.
Configuring a feed in Chronicle to ingest Microsoft Cloud App Security logs
1. From the Chronicle menu, select Settings.
2. Click Feeds.
3. Click Add new.
4. Select Microsoft Azure Blob Storage as the Source type.
5. Select Microsoft CASB as the Log type to create a feed for Microsoft Cloud App Security logs.
6. Click Next.
7. Configure the following input parameters:
- Azure URI: Specify the URL that you copied in step 4 of Configuring Microsoft Cloud App Security logs.
- URI is a: Specify Directory which includes subdirectories.
- Source deletion option: Specify Never delete files.
- Key: Specify the token value that you copied in step 4 of Configuring Microsoft Cloud App Security logs.
8. Click Next, and then click Submit.