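# Module: azure
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-azure.html
#
# Filebeat module configuration that reads Azure logs from Event Hubs. Each
# fileset below has its own `enabled` flag and its own `var` block holding the
# Event Hub and storage-account settings.
#
# Credential handling: `connection_string` and `storage_account_key` are
# secrets. Leave them empty in version control and supply the real values at
# deploy time, for example from the Filebeat keystore through a `${...}`
# reference such as "${AZURE_EVENTHUB_CONNECTION_STRING}" (placeholder name).
# Restrict read access to the rendered file to the account that runs Filebeat.

- module: azure
  # Activity logs: the only fileset enabled in this file. The empty credentials
  # below have to be filled in before it can connect to the event hub.
  activitylogs:
    enabled: true
    var:
      # Event hub name containing the activity logs; overwrite the default
      # value if the logs are exported to a different event hub.
      eventhub: "insights-operational-logs"
      # Consumer group name that has access to the event hub. A dedicated
      # consumer group for the azure module is advised rather than "$Default",
      # so that this reader does not share a group with other consumers.
      consumer_group: "$Default"
      # Connection string required to communicate with Event Hubs; steps to
      # generate one:
      # https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-get-connection-string
      # NOTE(review): a shared access policy limited to the Listen claim should
      # be sufficient for a read-only consumer - confirm for your deployment.
      connection_string: ""
      # Name of the storage account where the state/offsets are stored and
      # updated.
      storage_account: ""
      # Storage account key, used to authorize access to data in the storage
      # account. Prefer a storage account dedicated to this state so the key
      # does not also unlock unrelated data.
      storage_account_key: ""

  # Platform logs: disabled. To enable, set `enabled: true` and uncomment the
  # `var` block with the event hub that receives these logs.
  platformlogs:
    enabled: false
    # var:
    #   eventhub: ""
    #   consumer_group: "$Default"
    #   connection_string: ""
    #   storage_account: ""
    #   storage_account_key: ""

  # Audit logs: disabled, so no events from "insights-logs-auditlogs" are
  # collected until this fileset is enabled and its `var` block is filled in.
  auditlogs:
    enabled: false
    # var:
    #   eventhub: "insights-logs-auditlogs"
    #   consumer_group: "$Default"
    #   connection_string: ""
    #   storage_account: ""
    #   storage_account_key: ""

  # Sign-in logs: disabled, so no events from "insights-logs-signinlogs" are
  # collected until this fileset is enabled and its `var` block is filled in.
  # Detections that rely on sign-in telemetry need this fileset turned on.
  signinlogs:
    enabled: false
    # var:
    #   eventhub: "insights-logs-signinlogs"
    #   consumer_group: "$Default"
    #   connection_string: ""
    #   storage_account: ""
    #   storage_account_key: ""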