Prerequisite: This guide only covers how to add data sources after the Azure Event Hub integration is created. To set up the integration, see this guide: API – Azure Event Hub.
Once the integration is created, return to this Adding Sources guide to start sending data into your Event Hub for Huntress to collect.
After creating the integration between Huntress and Azure Event Hub, you can start sending Azure data to the Event Hub for Huntress to collect. To do this, for each application you wish to send telemetry from, follow these steps:
- Navigate to the Azure App you're seeking data from.
- In the left-hand navigation bar, expand the "Monitoring" section, and select "Diagnostic settings".
- Select "Add diagnostic setting".
- From the left side, select any logs or metrics that you wish to include in Huntress.
- From the right side, enable the checkbox for "Stream to an event hub".
- Select the appropriate Subscription, Event hub namespace, and Event hub name from the drop-downs.
- Set a "Diagnostic setting name", then select Save in the top left.
- Repeat these steps for each app you wish to send to Huntress. Please give each newly configured app up to 30 minutes to begin sending logs, depending on how much activity the application is generating.
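
When many apps need the same setting, the portal steps above can be scripted with the Azure CLI. This is an added example, not Huntress's own tooling: the resource IDs, setting name, hub name, and authorization rule ID are placeholders you supply, and it assumes each resource supports the `allLogs` category group and `AllMetrics`.

```shell
#!/bin/sh
# Added example: scripted form of the portal steps. Every ID and name passed
# to these functions is a placeholder you supply; none come from Huntress.

# Assumption: the resource type supports the "allLogs" category group and
# "AllMetrics". Check what a resource offers with:
#   az monitor diagnostic-settings categories list --resource <resource-id>
LOGS_JSON='[{"categoryGroup":"allLogs","enabled":true}]'
METRICS_JSON='[{"category":"AllMetrics","enabled":true}]'

# Create one diagnostic setting that streams a resource's logs and metrics to
# the Event Hub. With DRY_RUN=1 (the default) the command is printed for
# review instead of executed.
stream_to_event_hub() {
  resource_id=$1 setting_name=$2 hub_name=$3 hub_rule_id=$4
  if [ -z "$resource_id" ] || [ -z "$setting_name" ] ||
     [ -z "$hub_name" ] || [ -z "$hub_rule_id" ]; then
    echo "usage: stream_to_event_hub RESOURCE_ID NAME HUB RULE_ID" >&2
    return 2
  fi
  set -- monitor diagnostic-settings create \
    --name "$setting_name" --resource "$resource_id" \
    --event-hub "$hub_name" --event-hub-rule "$hub_rule_id" \
    --logs "$LOGS_JSON" --metrics "$METRICS_JSON"
  if [ "${DRY_RUN:-1}" = 1 ]; then
    printf '%s\n' "az $*"
  else
    az "$@" </dev/null   # keep az from consuming the caller's stdin
  fi
}

# Repeat the setting for every resource ID read from stdin (one per line;
# blank lines and #-comments are skipped). Returns 1 if any resource failed.
stream_all() {
  setting=$1 hub=$2 rule=$3 rc=0
  while IFS= read -r id; do
    case $id in ''|'#'*) continue ;; esac
    stream_to_event_hub "$id" "$setting" "$hub" "$rule" || rc=1
  done
  return $rc
}
```

Review the printed commands first, then rerun with `DRY_RUN=0` to apply them.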