Authentication options
You need to provide access credentials to the Wazuh Azure module so it can successfully connect to Azure.
There are different ways to configure the Azure authentication:
Using an authentication file
It is possible to store the credentials in a file for authentication as long as the file’s content follows the field = value format explained below.
The fields expected to be present in the credentials file will change depending on the type of service or activity to be monitored:
Microsoft Graph or Log Analytics:
application_id = 317...764
application_key = wUj...9cj
Storage:
account_name = exampleaccountname
account_key = wr+...jOQ
Take a look at the azure-logs wodle section from the ossec.conf reference page for more information about these parameters.
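As an added example (not part of the Wazuh documentation or the module's own code), the following pre-deployment check parses an authentication file in the field = value format above and reports any field missing for the chosen service type. The function names are hypothetical, and the check that the file grants no access to other users is a hardening assumption of this example, not a requirement stated on this page.

```python
import os
import stat
import tempfile

# Fields the page lists for each kind of monitored service.
REQUIRED_FIELDS = {
    "graph": {"application_id", "application_key"},
    "log_analytics": {"application_id", "application_key"},
    "storage": {"account_name", "account_key"},
}


def parse_credentials(text):
    """Parse 'field = value' lines; return (fields, malformed line numbers)."""
    fields, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue
        # Split on the first '=' only: storage keys are base64 and can end in '='.
        name, sep, value = (part.strip() for part in raw.partition("="))
        if not (sep and name and value):
            malformed.append(lineno)
            continue
        fields[name] = value
    return fields, malformed


def check_auth_file(path, service):
    """Return a list of problems found; values are never included in messages."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o007:  # assumption of this example: no access for "other" users
        problems.append(f"file mode {mode:03o} grants access to other users")
    with open(path, encoding="utf-8") as handle:
        fields, malformed = parse_credentials(handle.read())
    problems += [f"line {n} is not in 'field = value' format" for n in malformed]
    missing = REQUIRED_FIELDS[service] - fields.keys()
    problems += [f"missing field: {name}" for name in sorted(missing)]
    return problems


if __name__ == "__main__":
    # Constructed sample file: placeholder values, not real credentials.
    sample = "account_name = exampleaccountname\naccount_key = Q09OU1RSVUNURUQ=\n"
    with tempfile.NamedTemporaryFile("w", suffix=".auth", delete=False) as tmp:
        tmp.write(sample)
    os.chmod(tmp.name, 0o644)
    print(check_auth_file(tmp.name, "storage"))  # flags the 644 mode
    os.unlink(tmp.name)
```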
Inserting the credentials into the configuration
Another available option to set up credentials is writing them right into the Wazuh configuration file (/var/ossec/etc/ossec.conf), inside of the <graph>, <log_analytics> or <storage> blocks on the module configuration.
The tags to use are different depending on the type of service or activity to be monitored:
Microsoft Graph or Log Analytics:
<graph>
<application_id>8b7...c14</application_id>
<application_key>w22...91x</application_key>
</graph>
<log_analytics>
<application_id>8b7...c14</application_id>
<application_key>w22...91x</application_key>
</log_analytics>
Storage:
<storage>
<account_name>exampleaccountname</account_name>
<account_key>w22...91x</account_key>
</storage>
Take a look at the azure-logs wodle entry from the ossec.conf reference page for more information about the parameters.