For better performance and lower costs choose the same region where Microsoft Sentinel is located.ĭeployment will begin. The name you type is validated to make sure that it's unique in Azure Functions.į. Enter a globally unique name for the function app: Type a name that is valid in a URL path. Select Create new Function App in Azure (Don't choose the Advanced option)ĭ. Select Subscription: Choose the subscription to use.Ĭ. Select folder: Choose a folder from your workspace or browse to one that contains your function app.ī. Provide the following information at the prompts:Ī. If you're already signed in, go to the next step. If you aren't already signed in, choose the Azure icon in the Activity bar, then in the Azure: Functions area, choose Sign in to Azure Select the top level folder from extracted files.Ĭhoose the Azure icon in the Activity bar, then in the Azure: Functions area, choose the Deploy to function app button. Choose File in the main menu and select Open Folder. Extract archive to your local development computer. NOTE: You will need to prepare VS code for Azure function development.ĭownload the Azure Function App file. Use the following step-by-step instructions to deploy the data connector manually with Azure Functions (Deployment via Visual Studio Code). Option 2 - Manual Deployment of Azure Functions Mark the checkbox labeled I agree to the terms and conditions stated above. Select the preferred Subscription, Resource Group and Location.Įnter the Cisco Duo Integration Key, Cisco Duo Secret Key, Cisco Duo API Hostname, Cisco Duo Log Types, Microsoft Sentinel Workspace Id, Microsoft Sentinel Shared Key Use this method for automated deployment of the data connector using an ARM Template. Option 1 - Azure Resource Manager (ARM) Template IMPORTANT: Before deploying the data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as Azure Blob Storage connection string and container name, readily available. STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function Use Grant read log permission in the 4th step of the instructions. Follow the instructions to obtain integration key, secret key, and API hostname.STEP 1 - Obtaining Cisco Duo Admin API credentials This data connector depends on a parser based on a Kusto Function to work as expected CiscoDuo which is deployed with the Microsoft Sentinel Solution. See the documentation to learn more about creating Cisco Duo API credentials. Cisco Duo API credentials: Cisco Duo API credentials with permission Grant read log is required for Cisco Duo API.See the documentation to learn more about Azure Functions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |