Good afternoon!
I want to ingest Azure Activity Logs into our Chronicle instance. For that, I have found the following guide: Ingest Azure Activity Logs | Chronicle | Google Cloud
This guide explains how to obtain those logs, but using 'shared key'. It worked fine for me too... but instead of doing it this way, I would like to do it using 'SAS token'.
I do not know the correct way to fill in the feed fields.
I have tried many ways (with simple URI, SAS URL...) but I have not been able to connect it correctly.
Has anyone been able to do this using 'SAS token'? If so, how have you filled in the feed fields?
Thanks!
Do you know what type of error you're getting?
Have you entered the SAS Token according to this Microsoft guide?
Thanks.
Hi @Rene_Figueroa!
First of all, I have created the token this way:
I have set the start date one day earlier just in case.
Then, I have configured the feed like this:
And I get the following error:
I have also tried configuring the feed with the full SAS URL.
This time I get a different error:
I think this last configuration may be the correct one, but I do not know why it fails.
What am I doing wrong?
Thanks!