How To Onboard Azure Threat Detection

Modified on Mon, 19 Feb at 1:50 AM

Prerequisite:


Before proceeding, ensure the following steps are completed:


In the storage account's Networking settings, select the "Enabled from selected virtual networks and IP addresses" option and add the CloudDefense.ai Prod NAT IP, 34.83.195.64, to the storage account firewall.



Step 1:


Attach the following role to the same app registration:

- Storage Blob Data Reader


Step 2:


You need the name of the diagnostic setting that is configured under "Export Activity Logs" in the Monitor service to archive logs to a storage account for the onboarded subscription ID.




Setting Up Diagnostic Logging


If the diagnostic setting is not already present, add it as follows:


  1. Go to Monitor service.

  2. Go to "Activity Log" present on the left side menu.

  3. Select "Export Activity Logs".

  4. Click on "+ Add diagnostic setting". Enter the diagnostic setting name, select the log categories and for "Destination details" select "Archive to a storage account" and provide the necessary details.

  5. Click Save.
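
The Azure-side steps above (storage firewall, role assignment, activity log export) expressed as Azure CLI commands. This is an added example, not CloudDefense.AI's own tooling; the function names, the DRY_RUN switch, the two log categories chosen and every argument value are assumptions.

```bash
#!/usr/bin/env bash
# Added example: Azure CLI equivalent of the portal steps in this article.
# Function names and DRY_RUN are hypothetical; callers supply all arguments.
CD_NAT_IP="34.83.195.64"   # CloudDefense.ai Prod NAT IP, as given in this article

# Print the command when DRY_RUN=1 (review before applying), otherwise run it.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Prerequisite: "Enabled from selected virtual networks and IP addresses".
# The AzureServices bypass keeps trusted Microsoft services able to reach the account.
restrict_storage() {  # args: resource-group storage-account
  run az storage account update --resource-group "$1" --name "$2" \
    --default-action Deny --bypass AzureServices &&
  run az storage account network-rule add --resource-group "$1" \
    --account-name "$2" --ip-address "$CD_NAT_IP"
}

# Step 1: read-only blob access, scoped to the one storage account only.
grant_reader() {  # args: app-id storage-account-resource-id
  run az role assignment create --assignee "$1" \
    --role "Storage Blob Data Reader" --scope "$2"
}

# Step 2: subscription-level diagnostic setting that archives activity logs.
# The article does not say which categories to select; these two are an assumption.
export_activity_logs() {  # args: setting-name subscription-id location storage-id
  run az monitor diagnostic-settings subscription create --name "$1" \
    --subscription "$2" --location "$3" --storage-account "$4" \
    --logs '[{"category":"Administrative","enabled":true},{"category":"Security","enabled":true}]'
}

onboard() {  # args: subscription-id resource-group storage-account app-id location setting-name
  sa_id="/subscriptions/$1/resourceGroups/$2/providers/Microsoft.Storage/storageAccounts/$3"
  run az account set --subscription "$1" &&
  restrict_storage "$2" "$3" &&
  grant_reader "$4" "$sa_id" &&
  export_activity_logs "$6" "$1" "$5" "$sa_id"
}

# Runs only when all six arguments are given on the command line.
if [ "$#" -eq 6 ]; then onboard "$@"; fi
```

Run it once with `DRY_RUN=1` to review the exact commands, then note the setting name and storage account name it used for the CloudDefense.AI form.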


Setting Up Azure Threat Detection in CloudDefense.AI


Keep the Diagnostic setting name and storage account name used for archiving the logs handy for onboarding Azure threat detection in CloudDefense.


  1. Go to Threat Detection > Anomaly Detection.

  2. Click on "+ Connect Account".

  3. Enter the Diagnostic setting name configured for exporting activity logs.

  4. Enter the Storage Account Name which is used for archiving the activity logs.

  5. Click on Connect.



Note: Anomaly Detection requires 62 days of logs for model training to proceed with score observation. To enable it in the future, please go to the Anomaly detection page.


