Integrate Cloud Workload Protection with the Azure Log Analytics service to publish events. With this integration, you can export Anti-Malware, Intrusion Detection, Intrusion Prevention, File Integrity Monitoring, and Monitoring events into the Azure Log Analytics service.
Before you integrate, you must ensure that the following prerequisites are fulfilled:
A valid Log Analytics workspace is created in the Azure portal. Refer to the Azure documentation on how to create a workspace.
Keep the Log Analytics workspace ID and shared key handy.
To configure integration with Azure Log Analytics
1. Go to the Azure portal.
2. Create a Log Analytics workspace.
3. In the Cloud Workload Protection console, go to the Settings > Azure Connection page.
4. In the Azure Connection page, click the Azure Log Analytics Integration tab.
5. Provide details for the following:
   - Publish Events to Azure Log Analytics: Select the checkbox to publish the Cloud Workload Protection events to the Azure portal.
   - Provide the Log Analytics workspace ID that you created in the Azure portal. This is required for authentication to invoke the REST APIs.
   - Provide the shared key for authenticating to invoke the REST APIs. The shared key can be fetched from the Advanced Settings section of the Log Analytics workspace in the Azure portal.
   - Select the region where your Azure workspace is created.
   - Provide the workspace name.
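The workspace ID and shared key described above are the only credentials on a publishing request. The following added example (not code from Cloud Workload Protection or from this page) shows how they become a signed request, assuming the integration uses the Azure Monitor HTTP Data Collector API on the Azure public cloud endpoint; the ID, key, date, log type name, and event record are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import uuid
from email.utils import formatdate

RESOURCE = "/api/logs"  # resource path of the HTTP Data Collector API
CONTENT_TYPE = "application/json"

def sign(workspace_id, shared_key, body, rfc1123_date):
    """Return the SharedKey Authorization header value for one POST."""
    uuid.UUID(workspace_id)  # raises ValueError unless the ID parses as a GUID
    key = base64.b64decode(shared_key, validate=True)  # key is base64 text
    string_to_sign = "\n".join([
        "POST", str(len(body)), CONTENT_TYPE,
        "x-ms-date:" + rfc1123_date, RESOURCE,
    ])
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return "SharedKey {}:{}".format(workspace_id, base64.b64encode(digest).decode())

def build_request(workspace_id, shared_key, log_type, records, date=None):
    """Build URL, headers and body for one publish call (nothing is sent)."""
    body = json.dumps(records).encode("utf-8")
    date = date or formatdate(usegmt=True)  # RFC 1123 date, covered by the HMAC
    url = "https://{}.ods.opinsights.azure.com{}?api-version=2016-04-01".format(
        workspace_id, RESOURCE)
    headers = {
        "Content-Type": CONTENT_TYPE,
        "Log-Type": log_type,  # name of the custom log table
        "x-ms-date": date,
        "Authorization": sign(workspace_id, shared_key, body, date),
    }
    return url, headers, body

# Constructed sample values, not real credentials or real events.
SAMPLE_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_KEY = base64.b64encode(b"k" * 64).decode()
SAMPLE_DATE = "Mon, 01 Jan 2024 00:00:00 GMT"
SAMPLE_EVENT = [{"type": "Anti-Malware", "message": "constructed test record"}]

if __name__ == "__main__":
    url, headers, body = build_request(
        SAMPLE_ID, SAMPLE_KEY, "CwpTestEvent", SAMPLE_EVENT, SAMPLE_DATE)
    print(url)
    for name, value in headers.items():
        print(name + ": " + value)
```

Because the signature depends only on the shared key, the key by itself authorizes writes into the workspace; store it as a secret and regenerate it in the Azure portal if it is exposed.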
The events that are published in Azure Log Analytics are:
Anti-Malware events for Cloud Workload Protection
Policy Violation (Storage)