Ingest Azure Activity Logs

Good afternoon!


I want to ingest Azure Activity Logs into our Chronicle instance. For that, I have found the following guide: "Ingest Azure Activity Logs | Chronicle | Google Cloud".

This guide explains how to obtain those logs, but using a 'shared key'. It worked fine for me too... but instead of doing it this way, I would like to do it using a 'SAS token'.

I do not know the correct way to fill in the feed fields.

Mireia_0-1713191662564.png

I have tried many ways (with simple URI, SAS URL...) but I have not been able to connect it correctly.

Has anyone been able to do this using 'SAS token'? If so, how have you filled in the feed fields?


Thanks!

2 REPLIES

Do you know what type of error you're getting?

Have you entered the SAS Token according to this Microsoft guide?

Thanks.

Hi @Rene_Figueroa!

First of all, I have created the token this way:

Mireia_0-1713249698819.png

I have set the start date one day earlier just in case.


Then, I have configured the feed like this:

Mireia_1-1713250029135.png

And I get the following error:

Mireia_2-1713250095014.png

I have also tried configuring the feed with the full SAS URL. 

Mireia_3-1713250292346.png

This time I get a different error:

Mireia_4-1713250497422.png

I think this last configuration may be the correct one, but I do not know why it fails.

What am I doing wrong?

Thanks!