Skip to main content

Azure Monitor

License Apache-2.0GitHub release (latest SemVer)OWASP Lab ProjectArtifact HUBGitHub Repo starsTwitter Follower

What is "Persistence Azure Monitor" Hook about?

The Azure Monitor persistenceProvider hook saves all findings and reports into the configured Azure Monitor workspace using the Data Collector API. This allows working with the data in Azure Monitor or Microsoft Sentinel to configure alerting based on new findings. It will create a custom log type for every scantype titled SCB_[scantype_name].

Installing the Azure Monitor persistenceProvider hook will add a ReadOnly Hook to your namespace.

Deployment

The persistence-azure-monitor chart can be deployed via helm:

# Install HelmChart (use -n to configure another namespace)
helm upgrade --install persistence-azure-monitor secureCodeBox/persistence-azure-monitor

Requirements

Kubernetes: >=v1.11.0-0

Additional Chart Configurations

The hook requires the Azure Monitor Workspace ID and its Primary Key for authentication. For details on how to find them, see this page. Create a Kubernetes secret with these values using

# Create the secret (use a leading space to avoid having secrets in your shell history)
# Replace "workspace=your-workspace-id" with your Workspace ID
# Replace "sharedkey=your-shared-key" with your Primary Key
kubectl create secret generic azure-monitor --from-literal=workspace=your-workspace-id --from-literal=sharedkey=your-shared-key

Then, configure the hook to use this secret when installing it:

helm upgrade --install persistence-azure-monitor . --wait \
--set="monitor.authentication.apiKeySecret="azure-monitor""

Values

KeyTypeDefaultDescription
hook.affinityobject{}Optional affinity settings that control how the hook job is scheduled (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/)
hook.image.pullPolicystring"IfNotPresent"Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
hook.image.repositorystring"docker.io/securecodebox/hook-persistence-azure-monitor"Hook image repository
hook.image.tagstringdefaults to the charts versionContainer image tag
hook.labelsobject{}Add Kubernetes Labels to the hook definition
hook.priorityint0Hook priority. Higher priority Hooks are guaranteed to execute before low priority Hooks.
hook.resourcesobject{ requests: { cpu: "200m", memory: "100Mi" }, limits: { cpu: "400m", memory: "200Mi" } }Optional resources lets you control resource limits and requests for the hook container. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
hook.tolerationslist[]Optional tolerations settings that control how the hook job is scheduled (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
hook.ttlSecondsAfterFinishedstringnilSeconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
imagePullSecretslist[]Define imagePullSecrets when a private registry is used (see: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/)
monitor.authenticationobject{"apiKeySecret":null}Configure authentication schema and credentials the persistence provider should use to connect to Azure Monitor
monitor.authentication.apiKeySecretstringnilLink a pre-existing generic secret with workspace and sharedkey key / value pairs
monitor.logtypePrefixstring"SCB"

License

License

Code of secureCodeBox is licensed under the Apache License 2.0.