AlienVault® USM Anywhere™

Azure Log Discovery and Collection in USM Anywhere

When you use Azure Diagnostic logs to monitor your deployed assets, including Windows hosts, IIS, and the Azure SQL Database service, USM Anywhere automatically discovers and enables collection of these logs through Azure APIs. A USM Anywhere Sensor deployed in your Azure environment is preconfigured to automatically discover Azure Storage Tables and BLOBs containing these types of diagnostic logs. You can enable or disable the default log collection jobs from the Azure Sensor Setup Wizard (see Azure Log Collection) or within the USM Anywhere Scheduler (see Enable Defined Jobs).

To supplement the default log collection jobs and to add log collection for Azure Web Apps, you can also create custom log collection jobs that operate through the Azure sensor app.

Note: What an Azure log job collects depends on whether you granted the USM Anywhere application Contributor permissions on one of your resources or on your entire Azure subscription. Depending on the Azure Credentials configured for the deployed Azure Sensor, the sensor could have access to individual resource groups or the whole subscription. For more details, see Creating an Application and Obtaining Azure Credentials.
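
One way to see which of these cases applies to the sensor's application, as an added example that is not part of the USM Anywhere documentation or product: the script below groups Contributor role assignments by scope level. It assumes JSON in the shape returned by `az role assignment list --assignee <app-id> --all -o json`; the subscription ID, resource group names and storage account name are constructed placeholders.

```python
import json
import re

# Constructed sample in the shape of `az role assignment list ... -o json` output.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
SAMPLE = json.dumps([
    {"roleDefinitionName": "Contributor", "scope": SUB},
    {"roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-logs"},
    {"roleDefinitionName": "Reader", "scope": SUB + "/resourceGroups/rg-web"},
    {"roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-app"
     "/providers/Microsoft.Storage/storageAccounts/diaglogs01"},
])

# Azure RBAC scopes nest: subscription > resource group > individual resource.
_SCOPE = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)"
    r"(?:/resourceGroups/(?P<rg>[^/]+)"
    r"(?:/providers/(?P<res>.+))?)?/?$",
    re.IGNORECASE,
)

def classify_scope(scope):
    """Return (level, name) for an Azure RBAC scope string."""
    m = _SCOPE.match(scope)
    if not m:
        # Management group, root, or any scope this pattern does not cover.
        return ("other", scope)
    if m.group("res"):
        return ("resource", m.group("res"))
    if m.group("rg"):
        return ("resource_group", m.group("rg"))
    return ("subscription", m.group("sub"))

def contributor_reach(assignments_json, role="Contributor"):
    """Group the scopes where `role` is assigned, keyed by scope level."""
    reach = {"other": [], "subscription": [], "resource_group": [], "resource": []}
    for a in json.loads(assignments_json):
        if a.get("roleDefinitionName") != role:
            continue
        level, name = classify_scope(a.get("scope", ""))
        reach[level].append(name)
    return reach

if __name__ == "__main__":
    for level, names in contributor_reach(SAMPLE).items():
        print(f"{level:15} {names}")
```

A non-empty `subscription` list means log jobs can reach storage across the whole subscription; entries only under `resource_group` or `resource` mean collection is limited to those scopes.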