azure, alias: Azure_Sentinel) lets you configure your telemetry
pipeline to send security-related logs and events to Azure Sentinel.
Supported telemetry types
The for Chronosphere Telemetry Pipeline supports these telemetry types:

| Logs | Metrics | Traces |
|---|---|---|
Configuration parameters
Use the parameters in this section to configure the . The Telemetry Pipeline web interface uses the items in the Name column to describe these parameters. Pipeline configuration files use the items in the Key column as YAML keys.
Required
| Name | Key | Description | Default |
|---|---|---|---|
| Customer / Workspace ID | customer_id | Required. Customer ID or WorkspaceID string. | none |
| Client Authentication Key | shared_key | Required. The primary or the secondary Connected Sources client authentication key. | none |
Advanced
| Name | Key | Description | Default |
|---|---|---|---|
| Event Type Name | log_type | The name of the event type. | fluentbit |
| Time Key | time_key | Optional parameter to specify the key name where the timestamp is stored. | @timestamp |
| Enable Time Generated | time_generated | If true, the HTTP request header time-generated-field is included so Azure can override the timestamp with the key specified by the time_key option. Accepted values: true, false. | false |
Security and TLS
| Name | Key | Description | Default |
|---|---|---|---|
| TLS | tls | If true, enables TLS/SSL. If false, disables TLS/SSL. Accepted values: true, false. | false |
| TLS Certificate Validation | tls.verify | If on, and if tls is true, enables TLS/SSL certificate validation. If off, disables TLS/SSL certificate validation. Accepted values: on, off. | on |
| TLS Debug Level | tls.debug | Sets TLS debug verbosity level. Accepted values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose). | 1 |
| CA Certificate File Path | tls.ca_file | Absolute path to CA certificate file. | none |
| Certificate File Path | tls.crt_file | Absolute path to certificate file. | none |
| Private Key File Path | tls.key_file | Absolute path to private key file. | none |
| Private Key Path Password | tls.key_passwd | Password for private key file. | none |
| TLS SNI Hostname Extension | tls.vhost | Hostname to be used for TLS SNI extension. | none |
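
The check below is an added example, not part of the Chronosphere documentation or product: it lints one output block against the Required and Security and TLS tables above, applying the documented defaults when a key is absent. The dict layout, the function names, and the sample values are assumptions made for illustration.

```python
# Added example: lint one azure output block against the parameter tables above.
# Defaults are copied from the tables; the dict layout is an assumption.
DEFAULTS = {"tls": False, "tls.verify": True}
REQUIRED = ("customer_id", "shared_key")
_TRUE = {"true", "on"}
_FALSE = {"false", "off"}


def as_bool(value):
    """Normalize true/false and on/off, whether parsed as bool or left as text."""
    if isinstance(value, bool):
        return value
    text = str(value).strip().lower()
    if text in _TRUE:
        return True
    if text in _FALSE:
        return False
    raise ValueError(f"not a boolean setting: {value!r}")


def lint_azure_output(cfg):
    """Return a list of findings for one output block (a dict of key -> value)."""
    findings = []
    for key in REQUIRED:
        if not str(cfg.get(key) or "").strip():
            findings.append(f"{key}: required parameter is missing or empty")
    # Fall back to the documented default when the key is not present.
    effective = {k: as_bool(cfg.get(k, d)) for k, d in DEFAULTS.items()}
    if not effective["tls"]:
        how = "set to false" if "tls" in cfg else "not set (default is false)"
        findings.append(f"tls: {how}; set tls: true")
    if not effective["tls.verify"]:
        findings.append("tls.verify: off disables certificate validation; set it to on")
    return findings


# Constructed sample blocks; the IDs and keys are placeholders, not real values.
WEAK = {"name": "azure", "customer_id": "WORKSPACE-ID-PLACEHOLDER",
        "shared_key": "", "tls.verify": "off"}
HARDENED = {"name": "azure", "customer_id": "WORKSPACE-ID-PLACEHOLDER",
            "shared_key": "KEY-PLACEHOLDER", "tls": True, "tls.verify": "on"}

if __name__ == "__main__":
    for label, block in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, lint_azure_output(block) or "ok")
```

The normalizer accepts both booleans and strings because a YAML parser may hand back `on`/`off` either way.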
Advanced Networking
| Name | Key | Description | Default |
|---|---|---|---|
| DNS Mode | net.dns.mode | Selects the primary DNS connection type, which can be TCP or UDP. | none |
| DNS Resolver | net.dns.resolver | Selects the primary DNS resolver type, which can be LEGACY or ASYNC. | none |
| Prefer IPv4 | net.dns.prefer_ipv4 | Prioritizes IPv4 DNS results when trying to establish a connection. Accepted values: true, false. | false |
| Keepalive | net.keepalive | Enables or disables Keepalive support. Accepted values: true, false. | true |
| Keepalive Idle Timeout | net.keepalive_idle_timeout | Sets the maximum time allowed for an idle Keepalive connection. | 30s |
| Max Connect Timeout | net.connect_timeout | Sets the maximum time allowed to establish a connection, which includes the TLS handshake. | 10s |
| Max Connect Timeout Log Error | net.connect_timeout_log_error | Specifies whether to log an error on connection timeout. When disabled, the timeout is logged as a debug message. Accepted values: true, false. | true |
| Max Keepalive Recycle | net.keepalive_max_recycle | Sets the maximum number of times a keepalive connection can be used before it’s retired. | 2000 |
| Source Address | net.source_address | Specifies the network address to bind for data traffic. | none |