This section provides instructions for connecting Cloud App Security to your existing Azure account using the app connector API.
Setting up Azure for connection to Cloud App Security
Cloud App Security connects to Azure via Event Hubs. This section provides instructions for streaming all your Activity Logs to a single Event Hub in your subscription.
Step 1: Stream your Azure activity logs to Event Hubs
Stream the Azure Activity Log of your Azure subscription to an Event Hub. Follow the official guide in the Azure documentation: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-stream-activity-logs-event-hubs
If you have more than one Azure subscription, repeat this for each subscription but use a single Event Hub that will be shared across your subscriptions.
After completing the instructions, a new Event Hub will be created in the Namespace you chose.
If you get an error after trying to export the Activity Logs, go to the Resource providers blade in Azure and make sure that ‘microsoft.insights’ is registered.
Step 2: Get a connection string to your Event Hub
Go to the Event Hubs blade.
Select your Event Hub Namespace.
In the menu, under Entities, click on Event Hubs.
Select the new Event Hub created by Azure Monitor. It is named insights-operational-logs.
It may take a few minutes until the Event Hub is created.
Create a new access policy that gives Cloud App Security permission to read from the Event Hub: click Shared access policies and then click Add.
Enter a name for the new policy, and make sure to include at least the Listen claim. When done, click Create.
Under Settings and then Shared access policies, click on the access policy you just created.
In the Policy window, copy one of the connection strings by clicking on the button next to the Connection string- Primary Key or Connection String- Secondary Key.
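The copied string can be checked offline before it is pasted into Cloud App Security in Step 3. The Python below is an added example, not part of the original instructions or of any Microsoft tooling; it assumes the standard Event Hubs connection string layout (Endpoint, SharedAccessKeyName, SharedAccessKey, EntityPath), and the namespace, policy name and key in the sample strings are constructed placeholders. A connection string does not list its claims, so the check covers only what is visible in it: the policy name and whether the policy is scoped to the single Event Hub.

```python
from urllib.parse import urlparse

EXPECTED_HUB = "insights-operational-logs"  # hub name given in Step 2
ROOT_POLICY = "RootManageSharedAccessKey"   # default namespace policy (Manage, Send, Listen)

def parse_connection_string(conn_str):
    """Split 'Key=Value;Key=Value' into a dict. Values may contain '='
    (base64 padding in SharedAccessKey), so split on the first '=' only."""
    fields = {}
    for part in conn_str.strip().split(";"):
        if not part:
            continue  # tolerate a trailing ';'
        key, sep, value = part.partition("=")
        if not sep or not value:
            raise ValueError("malformed segment: %r" % key)
        fields[key.strip()] = value.strip()
    return fields

def check_connection_string(conn_str, expected_hub=EXPECTED_HUB):
    """Return a list of findings; an empty list means the string looks like
    an entity-scoped, non-root policy for the expected Event Hub."""
    findings = []
    fields = parse_connection_string(conn_str)
    endpoint = urlparse(fields.get("Endpoint", ""))
    if endpoint.scheme != "sb" or not endpoint.hostname:
        findings.append("Endpoint is missing or is not an sb:// URI")
    for required in ("SharedAccessKeyName", "SharedAccessKey"):
        if required not in fields:
            findings.append("missing " + required)
    if fields.get("SharedAccessKeyName") == ROOT_POLICY:
        findings.append("uses the namespace root policy; create a Listen-only policy instead")
    entity = fields.get("EntityPath")
    if entity is None:
        findings.append("no EntityPath: policy is namespace-wide, not scoped to one Event Hub")
    elif entity != expected_hub:
        findings.append("EntityPath is %r, expected %r" % (entity, expected_hub))
    return findings

# Constructed sample values; the key is a fake placeholder, not a real secret.
GOOD = ("Endpoint=sb://example-ns.servicebus.windows.net/;SharedAccessKeyName=mcas-listen;"
        "SharedAccessKey=Q09OU1RSVUNURUQtRkFLRS1LRVk=;EntityPath=insights-operational-logs")
BAD = ("Endpoint=sb://example-ns.servicebus.windows.net/;"
       "SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=Q09OU1RSVUNURUQtRkFLRS1LRVk=")

if __name__ == "__main__":
    for label, value in (("good", GOOD), ("bad", BAD)):
        print(label, check_connection_string(value) or "OK")
```

An empty result does not prove the policy is Listen-only; confirm the claims on the policy itself under Shared access policies.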
Step 3: Add Azure to Cloud App Security
In the Cloud App Security portal, click Investigate and then Connected apps.
In the App connectors page, click the plus sign button and select Microsoft Azure.
In the Connection string field, paste the connection string you copied in the previous step.
In the Consumer group field, type:
If you created a different consumer group to be used, use that Consumer group name.
Make sure the connection succeeded by clicking Test API.
Testing may take a couple of minutes. After receiving a success notice, click Close.