Azure Monitor
What is "Persistence Azure Monitor" Hook about?​
The Azure Monitor persistenceProvider hook saves all findings and reports into the configured Azure Monitor workspace using the Data Collector API. This allows working with the data in Azure Monitor or Microsoft Sentinel to configure alerting based on new findings. It will create a custom log type for every scantype titled SCB_[scantype_name].
Installing the Azure Monitor persistenceProvider hook will add a ReadOnly Hook to your namespace.
Deployment​
The persistence-azure-monitor chart can be deployed via helm:
# Install HelmChart (use -n to configure another namespace)
helm upgrade --install persistence-azure-monitor secureCodeBox/persistence-azure-monitor
Requirements​
Kubernetes: >=v1.11.0-0
Additional Chart Configurations​
The hook requires the Azure Monitor Workspace ID and its Primary Key for authentication. For details on how to find them, see this page. Create a Kubernetes secret with these values using
# Create the secret (use a leading space to avoid having secrets in your shell history)
# Replace "workspace=your-workspace-id" with your Workspace ID
# Replace "sharedkey=your-shared-key" with your Primary Key
kubectl create secret generic azure-monitor --from-literal=workspace=your-workspace-id --from-literal=sharedkey=your-shared-key
Then, configure the hook to use this secret when installing it:
helm upgrade --install persistence-azure-monitor . --wait \
--set="monitor.authentication.apiKeySecret="azure-monitor""
Values​
| Key | Type | Default | Description |
|---|---|---|---|
| hook.affinity | object | {} | Optional affinity settings that control how the hook job is scheduled (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) |
| hook.image.pullPolicy | string | "IfNotPresent" | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
| hook.image.repository | string | "docker.io/securecodebox/hook-persistence-azure-monitor" | Hook image repository |
| hook.image.tag | string | defaults to the charts version | Container image tag |
| hook.labels | object | {} | Add Kubernetes Labels to the hook definition |
| hook.priority | int | 0 | Hook priority. Higher priority Hooks are guaranteed to execute before low priority Hooks. |
| hook.tolerations | list | [] | Optional tolerations settings that control how the hook job is scheduled (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
| hook.ttlSecondsAfterFinished | string | nil | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
| monitor.authentication | object | {"apiKeySecret":null} | Configure authentication schema and credentials the persistence provider should use to connect to Azure Monitor |
| monitor.authentication.apiKeySecret | string | nil | Link a pre-existing generic secret with workspace and sharedkey key / value pairs |
| monitor.logtypePrefix | string | "SCB" |
License​
Code of secureCodeBox is licensed under the Apache License 2.0.