Azure Real-Time Events Onboarding
TABLE OF CONTENTS
Introduction to Azure Events
Aqua CSPM Events provides real-time visibility into the API activity happening inside of your Azure account. Real-time events leverage the Azure Monitor service using the Activity Log and Activity Log Alert Rules. These rules are then sent using a Webhook to the Aqua CSPM receiver endpoint for processing. Once an event is processed the event will then send notifications to applicable integrations and a log of each event can be viewed at https://cloud.aquasec.com/events.
To read more about Events, see Real-Time Events Overview.
Setting up Events
Follow the below steps to configure Events for your Azure account:
- Step 1: Ensure your Azure account is connected
- Step 2: Begin the Events connection process
- Step 3: Complete the Events connection process
- Step 4: Validate the Events connection
Step 1: Ensure your Azure account is connected
- Follow the onboarding steps to ensure your Azure account is connected to Aqua CSPM.
- Ensure that your account appears on the Cloud Accounts page and is "enabled" for scanning.
Step 2: Begin the Events connection process
- From the Aqua CSPM console, navigate to the Event Connection Wizard or Navigate to CSPM -> Events and click Set Up Events.
- Select your Azure cloud account from the drop-down list.
If your account is not in the list, repeat step 1 to ensure it is properly connected and scanning.
Step 3: Complete the Events connection process
- Navigate to https://cloud.aquasec.com/events and select Set Up Events.
- Select an Azure cloud account and copy the onboarding script.
- There are multiple options for deploying the script, but it must be done using Powershell. Option 1 is to run the copied script using a local Powershell terminal. Option 2 is to open Powershell via Cloud Shell in the Azure console.
Option 2:
- When the script completes the event service should be connected. Please wait up to 10 minutes for the first event to publish to the CSPM events console.
Step 4: Validate the Events connection
- Once you complete the deployment, you can monitor the Events page for any new events produced in your Azure account.
- To trigger a test event, try adding a security group rule to an existing security group and then deleting it. This will trigger the Events service and save the event.
Event costs in Azure
The cost of events are as follow:
- Activity Log Alert Rules: Free
- Webhook to route Activity Log Alert Rules: $0.60/1,000,000 webhooks
Did you find it helpful? Yes No
Send feedbackSorry we couldn't be helpful. Help us improve this article with your feedback.