This section provides instructions for connecting Cloud App Security to your existing Azure account using the app connector API.
Setting up Azure for connection to Cloud App Security
Cloud App Security connects to Azure via Event Hubs. This section provides instructions for streaming all your Activity Logs to a single Event Hub in your subscription.
Step 1: Stream your Azure activity logs to Event Hubs
Stream the Azure Activity Log of your Azure subscription to an Event Hub. Follow the official guide in the Azure documentation: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-stream-activity-logs-event-hubs
If you have more than one Azure subscription, repeat this step for each subscription using a single Event Hub, shared across your subscriptions.
After completing the instructions, a new Event Hub will be created in the Namespace you chose.
If you get an error after trying to export the Activity Logs, go to Resource providers on the left menu in Azure and make sure that ‘microsoft.insights’ is registered.
Step 2: Get a connection string to your Event Hub
Go to Event Hubs - Preview on the left menu.
Select your Event Hub Namespace.
In the menu, under Entities, click on Event Hubs.
Select the new Event Hub created by Azure Monitor. It is named insights-operational-logs.
It may take a few minutes until the Event Hub is created.
Create a new access policy that gives Cloud App Security permission to read from the Event Hub: click Shared access policies and then click Add.
Enter a name for the new policy, and make sure to include at least the Listen claim. When done, click Create.
Under Settings and then Shared access policies, click on the access policy you created.
In the Policy window, copy one of the connection strings by clicking on the button next to Connection string- Primary Key or Connection String- Secondary Key.
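Before the connection string leaves your tenant, it is worth checking that it is the one Step 2 describes: scoped to the single Event Hub and issued by the dedicated policy. The following check is an added example, not part of the original instructions or of any Microsoft tooling. It assumes the standard `Key=Value;` connection string layout and that the namespace's default full-rights policy is named `RootManageSharedAccessKey`; the sample namespace, policy name and keys are constructed.

```python
from urllib.parse import urlparse

# Assumption: name of the default namespace-wide policy (Manage, Send and Listen).
ROOT_POLICY = "RootManageSharedAccessKey"
EXPECTED_HUB = "insights-operational-logs"  # hub name given in Step 2


def parse_connection_string(conn: str) -> dict:
    """Split 'Key=Value;Key=Value' pairs; values (base64 keys) may contain '='."""
    fields = {}
    for part in filter(None, conn.strip().split(";")):
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed segment: {part!r}")
        fields[key.strip().lower()] = value.strip()
    return fields


def audit_connection_string(conn: str) -> list:
    """Return a list of findings; an empty list means no issue was detected."""
    f = parse_connection_string(conn)
    findings = []
    endpoint = urlparse(f.get("endpoint", ""))
    if endpoint.scheme != "sb" or not endpoint.hostname:
        findings.append("Endpoint is missing or not an sb:// URI")
    if not f.get("sharedaccesskey"):
        findings.append("SharedAccessKey is missing")
    policy = f.get("sharedaccesskeyname", "")
    if not policy:
        findings.append("SharedAccessKeyName is missing")
    elif policy == ROOT_POLICY:
        findings.append("uses the namespace root policy, not a dedicated Listen policy")
    hub = f.get("entitypath")
    if hub is None:
        findings.append("no EntityPath: string is namespace-scoped, not scoped to one Event Hub")
    elif hub != EXPECTED_HUB:
        findings.append(f"EntityPath is {hub!r}, expected {EXPECTED_HUB!r}")
    return findings


# Constructed sample strings (the namespace, policy name and keys are made up).
GOOD = ("Endpoint=sb://contoso-logs.servicebus.windows.net/;SharedAccessKeyName=cas-listen;"
        "SharedAccessKey=Q09OU1RSVUNURUQtS0VZ=;EntityPath=insights-operational-logs")
BAD = ("Endpoint=sb://contoso-logs.servicebus.windows.net/;"
       "SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=Q09OU1RSVUNURUQtS0VZ=")

if __name__ == "__main__":
    for name, conn in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_connection_string(conn) or "ok")
```

A connection string does not carry the policy's claims, so that the policy grants only Listen still has to be confirmed on the policy itself in the portal.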
Step 3: Add Azure to Cloud App Security
In the Cloud App Security portal, click Investigate and then Connected apps.
In the App connectors page, click the plus sign button and select Microsoft Azure.
In the Connection string field, paste the connection string you copied in the previous step.
In the Consumer group field, type:
If you created a different consumer group to be used, use that Consumer group name.
Click Connect to connect and test the connection. It may take a couple of minutes. After receiving a success notice, click Close.
This feature is in public preview.