Microsoft Azure Platform

The IBM® QRadar® DSM for Microsoft Azure Platform parses events from the Microsoft Azure Activity log.

The Microsoft Azure Platform DSM collects events that occur at the platform level; such as resource creation, modification, or deletion. For a list of supported event types, see Microsoft Azure Platform DSM specifications.

To integrate Microsoft Azure Platform with QRadar, complete the following steps:
  1. If automatic updates are not enabled, RPMs are available for download from the IBM support website. Download and install the most recent version of the following RPMs on your QRadar Console.
    • Protocol Common RPM
    • Protocol Event Hubs RPM
    • DSM Common RPM
    • Microsoft Azure Platform DSM RPM
  2. Optional: Create a storage account. For more information, see Create a storage account.
    Important: You must have a storage account to connect to an event hub. For more information, see Microsoft Azure Event Hubs protocol FAQ.
  3. Optional: Create an event hub. For more information, see Quickstart: Create an event hub using Azure portal.
  4. Configure the Microsoft Azure Activity Logs to send events to a Microsoft Azure Event Hub. For more information see, Export Azure Activity log to storage or Azure Event Hubs.
  5. Configure QRadar to collect events from Microsoft Azure Event Hubs by using the Microsoft Azure Event Hubs protocol. For more information about the protocol, see Microsoft Azure log source parameters for Microsoft Azure Event Hubs.
Note: Microsoft Azure Log Integration service is no longer used to send events to QRadar. Microsoft Azure Log Integration service is deprecated and no longer supported by Microsoft.