Azure Firewall

Create an Azure Event Hub Namespace and Event Hub

  • Azure Portal: Navigate to the Azure Portal.
  • Create a Namespace: Search for “Event Hubs” and create a new Event Hub namespace.
  • Create an Event Hub: Within the namespace, create an Event Hub (e.g., “firewall-logs”).

Configure Azure Firewall to Send Logs to Event Hub

  • Azure Firewall Policy: Go to the Azure Firewall policy associated with your firewall.

  • Diagnostic Settings: Under “Diagnostics”, create a new diagnostic setting.

    • Name: Provide a name for the setting (e.g., “FirewallLogsToEventHub”).
    • Destination: Choose “Stream to an Event Hub” and select the Event Hub namespace and hub you created.
    • Logs: Select the following:
      • “Azure Firewall Network Rule”
      • “Azure Firewall DNS Query”
      • “Azure Application Network Rule” (if applicable)
    • Enable: Select SAVE to enable the diagnostic setting.
  • Event Hub: Go to your Event Hub.
  • Consumer Groups: Create a new consumer group (e.g., “securonix-consumer-group”).

You will need to provide the following to SolCyber:

  • Event Hub Namespace

  • Event Hub Name

  • Event Hub Namespace SAS Key Name (e.g., RootManageSharedAccessKey)

    • Event Hub Namespace SAS Key Primary Connection String
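
The portal steps above and the hand-off values can also be scripted with the Azure CLI. The following is an added example, not part of the original page or SolCyber's own tooling. The subscription ID, resource group, region, namespace name and firewall resource ID are placeholders, and the log category IDs are an assumed mapping of the portal labels listed above.

```shell
#!/bin/sh
# Added example: Azure CLI equivalent of the portal steps on this page.
# Values marked "placeholder" are assumptions; override them via environment.
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}" # placeholder
RG="${RG:-rg-security-logging}"                # placeholder resource group
LOCATION="${LOCATION:-eastus}"                 # placeholder region
NAMESPACE="${NAMESPACE:-example-fw-logs-ns}"   # placeholder namespace name
FIREWALL_ID="${FIREWALL_ID:-/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Network/azureFirewalls/example-fw}" # placeholder
HUB="${HUB:-firewall-logs}"                    # example names from the page
CONSUMER_GROUP="${CONSUMER_GROUP:-securonix-consumer-group}"
DIAG_NAME="${DIAG_NAME:-FirewallLogsToEventHub}"
SAS_RULE="${SAS_RULE:-RootManageSharedAccessKey}"
# Assumption: category IDs behind the portal labels "Azure Firewall Network Rule",
# "Azure Firewall DNS Query" and the application rule log.
LOG_CATEGORIES="${LOG_CATEGORIES:-AZFWNetworkRule AZFWDnsQuery AZFWApplicationRule}"

# Build the JSON array expected by `az monitor diagnostic-settings create --logs`.
build_logs_json() {
  json=""
  for category in "$@"; do
    json="${json:+$json,}{\"category\":\"$category\",\"enabled\":true}"
  done
  printf '[%s]' "$json"
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

stream_firewall_logs() {
  rule_id="/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.EventHub/namespaces/$NAMESPACE/authorizationRules/$SAS_RULE"
  # Standard tier: the Basic tier does not allow additional consumer groups.
  run az eventhubs namespace create -g "$RG" -n "$NAMESPACE" -l "$LOCATION" --sku Standard
  run az eventhubs eventhub create -g "$RG" --namespace-name "$NAMESPACE" -n "$HUB"
  # shellcheck disable=SC2086  # word splitting of LOG_CATEGORIES is intended
  run az monitor diagnostic-settings create --name "$DIAG_NAME" --resource "$FIREWALL_ID" \
    --event-hub "$HUB" --event-hub-rule "$rule_id" --logs "$(build_logs_json $LOG_CATEGORIES)"
  run az eventhubs eventhub consumer-group create -g "$RG" --namespace-name "$NAMESPACE" \
    --eventhub-name "$HUB" -n "$CONSUMER_GROUP"
  # Prints the primary connection string: a secret, keep it out of logs and tickets.
  run az eventhubs namespace authorization-rule keys list -g "$RG" --namespace-name "$NAMESPACE" \
    -n "$SAS_RULE" --query primaryConnectionString -o tsv
}

# Nothing runs unless asked: `sh script.sh --apply` (prefix DRY_RUN=1 to preview only).
if [ "${1:-}" = "--apply" ]; then stream_firewall_logs; fi
```

The final command outputs the primary connection string from the hand-off list; the namespace, hub and key names are the values set at the top of the script.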