Microsoft Azure Key Vault


This guide describes the steps required to configure Microsoft Azure to send Azure Key Vault logs to a Storage account for ingestion into SamurAI via a cloud collector.

Ensure that a cloud collector has been deployed via the SamurAI Portal. 

Take note of the name of the storage account created and which subscription it resides in. This will be used later when setting up the telemetry sources.

If you are planning to reuse an already deployed cloud collector, the information about the created storage account and subscription can be found via:

  1. Navigate to the SamurAI Portal.
  2. Click Telemetry and select Collectors from the main menu.
  3. Click on the name of the desired collector.
  4. Note down information about the:
    1. Subscription
    2. Storage account name

Alternatively, you can use the integration setup wizard in the SamurAI Portal for the desired telemetry source listed on the Product Integration Guide page, which provides the same information required to set up your telemetry source.

Enabling Azure Key Vault logs

Follow the vendor documentation guide to enable Azure Key Vault logging:

When following the documentation, please perform the following adjustments:

  • Select the following log categories:

    • Audit
    • allLogs
  • When configuring the Destination Details, select Archive to storage account. When selecting the Storage Account, ensure it references the storage account that was set up during the creation of the cloud collector.
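
To confirm the result after saving the diagnostic setting, the following added example (not part of the SamurAI or Microsoft documentation) checks the JSON printed by `az monitor diagnostic-settings list --resource <key-vault-resource-id>` for a setting that archives to the collector's storage account with both selections enabled. It assumes the two selections are reported as `categoryGroup` values `audit` and `allLogs`; the function name, storage account name and IDs are placeholders.

```python
import json

# Constructed sample shaped like the JSON printed by
# `az monitor diagnostic-settings list --resource <key-vault-resource-id>`.
# Every name and ID here is a placeholder, not a value from this guide.
SAMPLE = json.dumps([
    {"name": "kv-to-log-analytics", "storageAccountId": None,
     "logs": [{"categoryGroup": "audit", "enabled": True}]},
    {"name": "kv-to-samurai",
     "storageAccountId": "/subscriptions/00000000-0000-0000-0000-000000000000"
                         "/resourceGroups/rg-collector/providers"
                         "/Microsoft.Storage/storageAccounts/examplecollectorsa",
     "logs": [{"categoryGroup": "audit", "enabled": True},
              {"categoryGroup": "allLogs", "enabled": True}]},
])

REQUIRED_GROUPS = ("audit", "allLogs")  # the two selections this guide asks for


def check_key_vault_logging(raw_json, storage_account_name):
    """Return (ok, findings) for one Key Vault's diagnostic settings."""
    data = json.loads(raw_json)
    # Assumption: depending on CLI version the list may be wrapped in {"value": [...]}.
    settings = data.get("value", []) if isinstance(data, dict) else data
    findings = []
    for setting in settings:
        account_id = (setting.get("storageAccountId") or "").rstrip("/")
        # The last segment of the resource ID is the storage account name.
        if account_id.rsplit("/", 1)[-1].lower() != storage_account_name.lower():
            continue  # this setting does not archive to the collector's account
        enabled = {(log.get("categoryGroup") or "").lower()
                   for log in setting.get("logs") or [] if log.get("enabled")}
        missing = [g for g in REQUIRED_GROUPS if g.lower() not in enabled]
        if not missing:
            return True, []
        findings.append(f"{setting.get('name')}: not enabled: {', '.join(missing)}")
    if not findings:
        findings.append(f"no diagnostic setting archives to {storage_account_name}")
    return False, findings


if __name__ == "__main__":
    ok, problems = check_key_vault_logging(SAMPLE, "examplecollectorsa")
    print("OK" if ok else "\n".join(problems))
```

Replace `SAMPLE` with the saved CLI output and pass the storage account name noted from the collector page.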

Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the SamurAI MDR Portal and we shall get it updated.