Azure Sentinel destination plugin
The Azure Sentinel destination plugin lets you configure Chronosphere Telemetry Pipeline to send security-related logs and events to Azure Sentinel.
Supported telemetry types
This plugin supports these telemetry types:
Logs | Metrics | Traces |
---|---|---|
Configuration parameters
Use the parameters in this section to configure your plugin. The Telemetry Pipeline web interface uses the values in the Name column to describe the parameters. Items in the Key column are the YAML keys to use in pipeline configuration files.
Required
Name | Key | Description | Default |
---|---|---|---|
Customer / Workspace ID | customer_id | Required. Customer ID or WorkspaceID string. | none |
Client Authentication Key | shared_key | Required. The primary or the secondary Connected Sources client authentication key. | none |
Advanced
Name | Key | Description | Default |
---|---|---|---|
Event Type Name | log_type | The name of the event type. | fluentbit |
Time Key | time_key | Optional parameter to specify the key name where the timestamp is stored. | @timestamp |
Enable Time Generated | time_generated | If true, the HTTP request header time-generated-field is included so Azure can override the timestamp with the key specified by the time_key option. Accepted values: true, false. | false |
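
How the required and advanced parameters surface in a single request, as an added example that is not Chronosphere's code. It assumes the plugin posts to the Azure Monitor HTTP Data Collector API (the API that defines the time-generated-field header); the workspace ID, key, and records are constructed sample values, and `build_request` is a hypothetical helper name.

```python
import base64
import hashlib
import hmac
import json
from email.utils import formatdate

# Constructed sample values: not a real workspace ID or key.
SAMPLE_CFG = {
    "customer_id": "00000000-0000-0000-0000-000000000000",
    "shared_key": base64.b64encode(b"constructed-example-key-not-real").decode(),
    "time_key": "@timestamp",
    "time_generated": True,
}
SAMPLE_RECORDS = [{"@timestamp": "2024-01-01T00:00:00Z", "event": "login_failed"}]


def build_request(cfg, records, date=None):
    """Return (url, headers, body) for one Data Collector API POST (assumed API)."""
    body = json.dumps(records).encode("utf-8")
    date = date or formatdate(usegmt=True)  # RFC 1123 date required by x-ms-date
    # The shared key signs this string; the key itself is never sent.
    string_to_sign = (
        f"POST\n{len(body)}\napplication/json\nx-ms-date:{date}\n/api/logs"
    )
    key = base64.b64decode(cfg["shared_key"])
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    signature = base64.b64encode(digest).decode("ascii")
    headers = {
        "Content-Type": "application/json",
        "Log-Type": cfg.get("log_type", "fluentbit"),  # log_type default from the table
        "x-ms-date": date,
        "Authorization": f"SharedKey {cfg['customer_id']}:{signature}",
    }
    if cfg.get("time_generated", False):
        # Names the record field Azure should use as TimeGenerated.
        headers["time-generated-field"] = cfg.get("time_key", "@timestamp")
    url = (f"https://{cfg['customer_id']}.ods.opinsights.azure.com"
           "/api/logs?api-version=2016-04-01")
    return url, headers, body


if __name__ == "__main__":
    url, headers, body = build_request(SAMPLE_CFG, SAMPLE_RECORDS)
    print(url)
    for name, value in headers.items():
        print(f"{name}: {value}")
```

The signature covers the body length and date but not the body contents, so the confidentiality and integrity of the log payload in transit rest on TLS with certificate validation left on.
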
Security and TLS
Name | Key | Description | Default |
---|---|---|---|
TLS | tls | Enable or disable TLS/SSL support. Accepted values: true, false. | false |
TLS Certificate Validation | tls.verify | Turn TLS/SSL certificate validation on or off. TLS must be on for this setting to be enabled. | on |
TLS Debug Level | tls.debug | Set TLS debug verbosity level. Accepted values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose). | 1 |
CA Certificate File Path | tls.ca_file | Absolute path to CA certificate file. | none |
Certificate File Path | tls.crt_file | Absolute path to certificate file. | none |
Private Key File Path | tls.key_file | Absolute path to private key file. | none |
Private Key Path Password | tls.key_passwd | Optional password for tls.key_file file. | none |
TLS SNI Hostname Extension | tls.vhost | Hostname to be used for TLS SNI extension. | none |
Advanced Networking
Name | Key | Description | Default |
---|---|---|---|
DNS Mode | net.dns.mode | Select the primary DNS connection type, which can be TCP or UDP. | none |
DNS Resolver | net.dns.resolver | Select the primary DNS resolver type, which can be LEGACY or ASYNC. | none |
Prefer IPv4 | net.dns.prefer_ipv4 | Prioritize IPv4 DNS results when trying to establish a connection. Accepted values: true, false. | false |
Keepalive | net.keepalive | Enable or disable Keepalive support. Accepted values: true, false. | true |
Keepalive Idle Timeout | net.keepalive_idle_timeout | Set maximum time allowed for an idle Keepalive connection. | 30s |
Max Connect Timeout | net.connect_timeout | Set maximum time allowed to establish a connection, which includes the TLS handshake. | 10s |
Max Connect Timeout Log Error | net.connect_timeout_log_error | On connection timeout, specify if it should log an error. When disabled, the timeout is logged as a debug message. Accepted values: true, false. | true |
Max Keepalive Recycle | net.keepalive_max_recycle | Set maximum number of times a keepalive connection can be used before it's retired. | 2000 |
Source Address | net.source_address | Specify network address to bind for data traffic. | none |