Azure Blob Storage
Cyderes supports the ingestion of logs from Azure Blob Storage. Blob Storage is a scalable and secure object storage service.
Azure App Prerequisite
For this integration, an Azure App must be created. More information about how to do that can be found in the documentation here.
Recommendation: Leverage the Google SecOps Feed for logs stored in a cloud storage bucket
Cyderes recommends leveraging the built-in Google Cloud SecOps feeds as an easy, self-service way to quickly enhance your security visibility for this log source. The feed can be enabled with minimal effort, providing immediate access to quality, continuously updated intelligence that works natively in your Google Cloud SecOps environment for fast enrichment and correlation of security signals.
This option is ideal for teams looking for rapid value and operational simplicity, while still leaving room to evolve. As your requirements mature, custom integrations can further tailor data sources to your specific environment, building on the same foundations.
The SecOps feed can be set up via self-service through the Feeds menu of your Google SecOps instance. Read more on Google's documentation site about feed management and adding a new feed; the documentation covers critical information such as IP allowlisting, configuration, and other feed management features.
If you choose not to continue with the SecOps feed option, please continue reading this document to understand what Cyderes needs to complete this integration.
Cyderes Object Storage Best Practices
Chronicle Data Types
Since Blob Storage is a generic object storage solution, Cyderes can collect any data type as long as the data is separated by containers.
Caveats / Known Limitations
- This integration can only ingest one data type per container in Azure Storage
- This integration can only authenticate via Azure Active Directory App with the method described in the CYDERES Azure App Registration guide
- Notifications are currently not supported for Azure Blob Storage
Configuration
- Create an Azure App for Cyderes (Cyderes documentation)
- Create a blob storage account (Azure documentation)
- Set access to Azure Active Directory and assign the role "Blob Storage Data Reader" to the Azure App from the first step (Azure documentation)
- Create containers for each separate data type
Gather Information
Note
Please include the credential's expiration date if available
Provide the following information to Cyderes to complete implementation:
- Storage Account Name
- Identity (Azure Active Directory App)
  - Application (client) ID
  - Directory (tenant) ID
  - Secret ID
  - Secret Value
- Each blob container name and type of data going into its respective container
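
A pre-handoff check for the details listed above, as an added example that is not Cyderes code: it enforces the one-data-type-per-container limitation and Azure's naming rules for storage accounts and containers, and flags a client secret that has already expired. The field names, data type labels and sample values are assumptions constructed for illustration, and the secret value is deliberately kept out of the sheet.

```python
import re
from datetime import date

# Azure naming rules: storage accounts are 3-24 lowercase letters/digits;
# containers are 3-63 chars of lowercase letters, digits and single hyphens.
ACCOUNT_RE = re.compile(r"[a-z0-9]{3,24}")
CONTAINER_RE = re.compile(r"(?=.{3,63}$)[a-z0-9]+(-[a-z0-9]+)*")
# Hypothetical field names. The secret value is deliberately not part of
# this sheet, so the file can be shared without exposing the credential.
REQUIRED = ("storage_account", "client_id", "tenant_id", "secret_id")


def validate_handoff(sheet, today):
    """Return a list of problems; an empty list means the sheet is ready."""
    problems = [f"missing field: {k}" for k in REQUIRED if not sheet.get(k)]
    account = sheet.get("storage_account", "")
    if account and not ACCOUNT_RE.fullmatch(account):
        problems.append(f"invalid storage account name: {account!r}")
    expires = sheet.get("secret_expires")  # optional ISO date
    if expires and date.fromisoformat(expires) <= today:
        problems.append(f"client secret expired on {expires}")
    containers = sheet.get("containers", {})
    if not containers:
        problems.append("no containers listed")
    for name, data_types in containers.items():
        if not CONTAINER_RE.fullmatch(name):
            problems.append(f"invalid container name: {name!r}")
        if len(set(data_types)) != 1:  # one data type per container
            problems.append(f"container {name!r} needs exactly one data type")
    return problems


# Constructed sample sheet; every value is a placeholder.
SAMPLE = {
    "storage_account": "examplelogs01",
    "client_id": "00000000-0000-0000-0000-000000000001",
    "tenant_id": "00000000-0000-0000-0000-000000000002",
    "secret_id": "00000000-0000-0000-0000-000000000003",
    "secret_expires": "2024-01-31",
    "containers": {"firewall-logs": ["FIREWALL"], "Mixed_Logs": ["DNS", "PROXY"]},
}

if __name__ == "__main__":
    for problem in validate_handoff(SAMPLE, date(2024, 6, 1)):
        print(problem)
```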