AlienVault® USM Anywhere™

Azure Event Hubs Setup in USM Anywhere

Event Hubs is a data and event processing service for Microsoft Azure. You can configure your Azure sensor to receive and process information from Event Hubs in your USM Anywhere environment.

Event Hub Setup and Configuration

To begin setup and configuration, you first need to create an event hub in the Azure portal. Follow the process documented in Microsoft's Azure documentation to create your resource group, namespace, and event hub.

After you complete the initial setup, create a new policy to allow your event hub to communicate with USM Anywhere.

To configure Event Hubs for USM Anywhere

  1. In the Azure portal, click Shared Access Policies in the sidebar.
  2. Create a policy, and click the Listen Permission checkbox.
  3. Copy the connection string listed in the policy (you will use it in the next procedure to connect the event hub in USM Anywhere).
  4. Click Save.

After you've completed the event hub setup, follow the steps in the Set up auditing for your database section of Microsoft's Event Hubs documentation to configure SQL event auditing.

Event Hub Connection in USM Anywhere

To enable Event Hubs in USM Anywhere

  1. Go to the Sensors page and open the Azure sensor.
  2. Click the Configurations tab.
  3. Complete the three fields:

    • Event Hub Name
    • Event Hub Connection String
    • Event Hub Consumer Group
  4. Click Save.
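
A pre-flight check for the connection string copied from the shared access policy, run before pasting it into the sensor configuration. This is an added example, not AlienVault or Microsoft code. It assumes the standard Event Hubs connection string layout (Endpoint, SharedAccessKeyName, SharedAccessKey, optional EntityPath); the namespace, policy and hub names and the key are constructed sample values.

```python
from urllib.parse import urlparse

REQUIRED = ("Endpoint", "SharedAccessKeyName", "SharedAccessKey")
# Azure's default namespace rule; it carries Manage, Send and Listen rights.
DEFAULT_ROOT_RULE = "RootManageSharedAccessKey"
# Constructed sample values, not real credentials.
SAMPLE_OK = ("Endpoint=sb://contoso-ns.servicebus.windows.net/;"
             "SharedAccessKeyName=usm-listen;"
             "SharedAccessKey=Q09OU1RSVUNURUQ=;EntityPath=sql-audit")
SAMPLE_ROOT = ("Endpoint=sb://contoso-ns.servicebus.windows.net/;"
               "SharedAccessKeyName=RootManageSharedAccessKey;"
               "SharedAccessKey=Q09OU1RSVUNURUQ=")

def parse_connection_string(conn_str):
    """Split 'Key=Value;...' pairs; values may contain '=' (base64 padding)."""
    fields = {}
    for part in filter(None, conn_str.strip().split(";")):
        key, sep, value = part.partition("=")  # split on the first '=' only
        if not sep or not value:
            raise ValueError(f"malformed segment: {key!r}")
        fields[key.strip()] = value.strip()
    return fields

def check_connection_string(conn_str, event_hub_name):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        fields = parse_connection_string(conn_str)
    except ValueError as exc:
        return [str(exc)]
    findings = [f"missing {k}" for k in REQUIRED if k not in fields]
    if findings:
        return findings
    endpoint = urlparse(fields["Endpoint"])
    if endpoint.scheme != "sb" or not endpoint.hostname:
        findings.append("Endpoint is not an sb:// namespace address")
    if fields["SharedAccessKeyName"] == DEFAULT_ROOT_RULE:
        findings.append("uses the default root rule, not a Listen-only policy")
    entity = fields.get("EntityPath")
    if entity is None:
        findings.append("no EntityPath: policy is scoped to the whole namespace")
    elif entity != event_hub_name:
        findings.append("EntityPath does not match the Event Hub Name field")
    return findings

def redact(conn_str):
    """Mask the key so the string can be logged or attached to a ticket."""
    fields = parse_connection_string(conn_str)
    fields["SharedAccessKey"] = "***"
    return ";".join(f"{k}={v}" for k, v in fields.items())
```

The check cannot confirm that only the Listen permission is selected, because the connection string does not carry the policy's rights; verify that in the Azure portal.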