SmartConnector for Microsoft Azure Monitor Event Hub


The Microsoft Azure Monitor Event Hub guide can be found here


Smart Connectors
Comment List
  • Thank you we are now looking into the details on how to implement it.

    The question I got is whether this adapter uses a push or pull mechanism to get event data from Azure Functions to the on-premises ArcSight Connector appliance.

    The documentation is not very extensive on how this works. We might have other follow-up questions; if they arise I will post them.


  • Need the connector. Also need information on how to go ahead with configuration. The connector is on premise (Windows Server 2012) and not on Azure cloud.

  • We are also looking into the Azure Event Hub connector for ArcSight replacing Microsoft AZLog which is EOL in June 2019.

    The questions we have:

    1. We would like a clear cut in setting up the Event Hub in Azure itself and actually consuming the events from it. In the current version of the docs it states that upon install the Event Hubs are created inside Azure. Is there a possibility to attach/connect the connector to an existing Event Hub inside Azure?

    2. There is no information on capacity/throughput provided in the docs. Can anyone state how many events they are pushing towards the ArcSight environment on-prem using this Azure Event Hub approach?


    Regards, Richard




  • Does Azure EventHub connector support App Service Environment Isolated?

    According to the document it has App service plan and Consumption.

  • This is a somewhat different connector/solution and I'm still on the fence to put effort in to deploy it due to its complexity. Also, we might have to pay extra for Azure Function App / monitor data usage. At the moment, I'm specifically interested in sign-in logs and I am able to view the log data in Azure. There are lots of fields available! However, it would be very helpful to know what data fields this solution collects. A 'Device Event Mapping to ArcSight Fields / Mappings' section of this guide will be very helpful for me to understand the data that this is able to collect and justify utilizing this connector. Even some ESM screenshots of sample data would be helpful. Thanks!

  • Hi, thanks for clarifying the emitter file name. I also had some other issues/questions, see support ticket SD02362634. I recommend to clarify if this solution is able to be installed on premise. I was given two different answers. Page 6 says "Certified Platforms for Azure Event Hubs Deployment Operating System: : Microsoft Windows Server 2012 ( in the cloud with Azure)." Can the Windows 2012 server the connector is installed on be on premise? Or is it required to be in Azure infrastructure? My syslog connectors are on prem. Thanks!

  • Thanks to the ArcSight support guys from Prague. The mystery has been resolved...

    There is a typo in the documentation...

    The file is located in the same location as the connector binaries... and the name is

  • Can anyone please wake Daniela up. 

    I need this file also

  • Hi Daniela,

    Within the content of the pdf a zip file is referenced.
    This is nowhere to be found...

    In the past, there was a Supporting Files folder within the SmartConnectors Documentation ZIP file. In the latest version it does not exist. I expected the referenced file to be there.