Azure Integration

InsightFinder can source logs from Microsoft Azure and correlate them with other data to generate anomalies and root causes. This document walks through how to configure the Azure and InsightFinder integration.

Project Creation

  1. Go to “Settings”->“System Settings”. Click on “Add New Project”.
  2. Select “Microsoft Azure” from the list and click on “Create Project” on the next page.
  3. This is where you will start configuring the project.
    1. Client Id, Client Secret, Tenant Id, Subscription Id – Use your MS Azure authentication key information here.
    2. Data Type – Log
      (See Figure 1)
  4. Click on “Verify” and you will be taken to the next page if verification is successful.
  5. Select “Workspace” from the dropdown, then add a table by clicking on “Add” and selecting the table from the list. In that table's row, select the fields to use for the instance and the timestamp. Base these selections on what you want to configure for your analytics in InsightFinder.
    (See Figure 2, 3, and 4)
  6. Then on the next page, you can type in the “Project Name” and “System Name” and click on Register. You can also define detection keywords and Incident labels.
    1. Detection keywords/regular expressions are used to detect which log entries will produce allowlist alerts.
    2. Incident labels/regex are used to identify which log entries indicate incidents.
      (See Figure 5)
  7. Once a project is successfully created, you will see a message like the one below.
    (See Figure 6)
  8. Once a project is successfully created, you can see the data streaming using the Log Analysis page.
    (See Figure 7)

Project Configuration

Information needed: Microsoft Azure credentials are required for the authentication step.

  1. You need to have a subscription with MS Azure. When you click into the subscription, you will get your subscription Id.
    (See Figure 8 and 9)
  2. Go to “Azure Active Directory” and then “App Registration”. Register a new app. Once your app is registered, you can go into the app and get a client Id and tenant ID.
    (See Figure 10 and 11)
  3. Then you can generate the client secret by going to the “certificates & secrets” page.
    (See Figure 12)
  4. The next step is to add permission to the app. Go to the IAM page for a subscription and click “Add role assignment”.
    (See Figure 13)
  5. Select the “Reader” role for this app.
    (See Figure 14)
  6. On the next screen, select “User, group or service principal”. A side bar will appear on the right. Search for your app there, select it and complete that step. Your app will get the Reader role.
    (See Figure 15)
  7. Once you complete it, you are ready with all the required credentials to integrate with InsightFinder.
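
One way to confirm the result of steps 4 to 6, as an added example that is not InsightFinder or Microsoft code: it reads the JSON printed by `az role assignment list --assignee <client-id> --all --output json` and checks that the app holds Reader at the subscription scope and no other role. The sample JSON, the GUIDs and the function name `audit_assignments` are constructed for illustration.

```python
import json

# Constructed sample in the shape of:
#   az role assignment list --assignee <client-id> --all --output json
# All GUIDs and names are placeholders, not values from a real tenant.
SAMPLE = """
[
  {"principalName": "11111111-1111-1111-1111-111111111111",
   "principalType": "ServicePrincipal",
   "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"principalName": "11111111-1111-1111-1111-111111111111",
   "principalType": "ServicePrincipal",
   "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-logs"}
]
"""

EXPECTED_ROLE = "Reader"  # the role assigned in step 5


def audit_assignments(raw_json, subscription_id, expected_role=EXPECTED_ROLE):
    """Return (has_expected, findings) for one app's role assignments."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    has_expected = False
    findings = []
    for a in json.loads(raw_json):
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "").lower().rstrip("/")
        if role == expected_role and scope == sub_scope:
            has_expected = True  # exactly what the guide configures
        elif role != expected_role:
            findings.append(f"unexpected role {role!r} at {a.get('scope')}")
        elif not scope.startswith(sub_scope + "/"):
            findings.append(f"{role!r} granted outside subscription: {a.get('scope')}")
    if not has_expected:
        findings.append(f"{expected_role!r} missing at subscription scope")
    return has_expected, findings


if __name__ == "__main__":
    ok, issues = audit_assignments(SAMPLE, "00000000-0000-0000-0000-000000000000")
    print("Reader at subscription scope:", ok)
    for issue in issues:
        print("FINDING:", issue)
```

Any finding means the app registration can do more than the integration needs, which matters because its client secret is stored in a third-party service.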

Workspace Creation

  1. Go to Azure home and search for “Log Analytics workspaces” and click on “Create”.
  2. You can go to this link directly
  3. Select your subscription, resource group, assign a name and select region.
    (See Figure 16)
  4. Click on “Review + Create”. On the next page review your settings and click “Create”. You should have your log analytics workspace ready to go.

Figures
