Azure Storage Account Transport Method Overview
Summary
Azure Storage Accounts provide a scalable, durable, and highly available storage solution for a variety of data objects, including blobs, files, queues, and tables. It's a fully-managed service that ensures data security, redundancy, and accessibility. Microsoft has positioned storage accounts to be a versatile solution for storing a wide range of data types, which can be utilized by various Azure services and third-party applications.
XDR supports the ability to ingest data, regardless of source, from a storage account.
By integrating with Azure Storage Accounts, XDR significantly enhances its data ingestion capabilities, ensuring comprehensive coverage across a diverse range of data types. This integration not only facilitates the seamless acquisition of data from various Microsoft Azure sources, but also extends the platform's reach to incorporate information from multiple third-party services.
As a result, XDR is equipped to provide a more holistic view of the data landscape, enabling robust analysis and rapid response to potential insights. This breadth of coverage ensures that users benefit from a unified and enriched data posture, leveraging the full spectrum of available data.
Reference Architecture
Example Scenario
Microsoft has just released a new data source that XDR does not yet support as an optimized integration, but Azure Monitor supports forwarding logs to an Azure Storage account. Since XDR supports the ability to ingest data from a storage account, it can now support collection of data from this new data source.
Take the following actions to fully integrate with this data source:
- Follow the setup instructions to enable ingest of the data source.
- Set up Custom Parsers to enable normalization of the ingested data.
- Set up Custom Alert Rules to enable alerting on security findings from the normalized data.
Setup
Azure storage accounts can be configured by following the setup documentation.