Configure Azure to Forward Syslog Messages to PTA

PTA integrates with Azure to enable it to send raw data to PTA. By monitoring privileged cloud users, PTA detects, alerts, and responds to high-risk privileged access. PTA analyzes Azure login activities of IAM (Identity and Access Management) users based on AAD (Azure Active Directory) sign-in logs. PTA ensures that privileged users are operating within policy and mitigates the risk of advanced cyber attacks.

The following diagram explains how PTA integrates with Azure to collect and analyze sign-in activities:

PTA provides two files, the ARM template (AzureDeployPTAForwarder.json) and the Function App (AzureEventsToPTAForwarder.zip), which you upload and deploy in the Azure environment. Azure Active Directory sign-in logs are exported to the Event Hub based on Azure security best practices. The Event Hub is created as part of the ARM template deployment. Whenever new data is written to the Event Hub, the Function App is triggered. The Function App parses the logs and sends them to the PTA interface for further processing and analysis.

Before you configure Azure to forward syslog messages to PTA, make sure that:

- PAM - Self-Hosted 11.5 or later is installed and includes the Vault, PVWA, CPM, and PTA.
- You have the following files in your PTA installation package:
  - The ARM template (AzureDeployPTAForwarder.json)
  - The Function App (AzureEventsToPTAForwarder.zip)
- In the systemparm.properties file, the enable_azure_threat_detection parameter is set to true. For more information, see enable_azure_threat_detection.
- You are able to create a storage account and a dedicated resource group on Azure in the region where you will perform the deployment.
- Your Azure license allows you to export sign-in data (for example, an Azure Active Directory Premium P1 or P2 license).
- The user who deploys the ARM template has Azure Contributor permissions.
- The user who configures the export of sign-in logs from AAD to the Event Hub (a one-time setup) has Global Administrator or Security Administrator permissions for the Azure AD tenant.

When you configure Azure to forward syslog messages to PTA, you upload the Function App and deploy the ARM template, which automates the deployment process of the PTA Azure solution.
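To make the Event Hub to Function App to PTA path concrete, here is an added example, written for this page and not taken from CyberArk's AzureEventsToPTAForwarder.zip, of the parsing step such a forwarder performs. It takes one Event Hub message body as Azure Monitor diagnostic settings emit it for the SignInLogs category (a JSON object with a top-level "records" array, each record carrying the sign-in fields under "properties"), keeps only sign-in records, and renders each as an RFC 5424 syslog line. The syslog layout, the "azure-forwarder" hostname, the UDP port and the sample records are assumptions constructed for the example; PTA's real expected wire format is not described on this page.

```python
"""Turn Azure AD (Entra ID) sign-in records from an Event Hub export into syslog lines.

Illustrative example: the message layout below is an assumption, not the format
used by CyberArk's own forwarder. The sample body is constructed for this example.
"""
import json
import socket

# Constructed sample Event Hub message body (Azure Monitor export shape).
SAMPLE_EVENT_HUB_BODY = json.dumps({
    "records": [
        {"time": "2024-05-02T08:15:30.1234567Z", "category": "SignInLogs",
         "operationName": "Sign-in activity", "tenantId": "00000000-0000-0000-0000-000000000000",
         "properties": {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10",
                        "appDisplayName": "Azure Portal", "status": {"errorCode": 0},
                        "riskLevelAggregated": "none", "conditionalAccessStatus": "success"}},
        {"time": "2024-05-02T08:16:02.0000000Z", "category": "SignInLogs",
         "operationName": "Sign-in activity", "tenantId": "00000000-0000-0000-0000-000000000000",
         "properties": {"userPrincipalName": "admin@example.com", "ipAddress": "198.51.100.7",
                        "appDisplayName": "Azure Portal",
                        "status": {"errorCode": 50126, "failureReason": "Invalid username or password"},
                        "riskLevelAggregated": "medium", "conditionalAccessStatus": "notApplied"}},
        # Other categories (AuditLogs etc.) share the same Event Hub and must be skipped.
        {"time": "2024-05-02T08:16:05.0000000Z", "category": "AuditLogs",
         "operationName": "Add member to role", "tenantId": "00000000-0000-0000-0000-000000000000",
         "properties": {}},
    ]
})

SYSLOG_FACILITY_AUTH = 4  # RFC 5424 facility "auth"
SEVERITY_WARNING, SEVERITY_INFO = 4, 6


def parse_sign_ins(body: str) -> list:
    """Extract SignInLogs records from one Event Hub message body into flat dicts."""
    doc = json.loads(body)
    records = doc.get("records")
    if not isinstance(records, list):
        raise ValueError("Event Hub body has no 'records' array")
    events = []
    for rec in records:
        if rec.get("category") != "SignInLogs":
            continue  # only sign-in activity is relevant to PTA
        props = rec.get("properties") or {}
        status = props.get("status") or {}
        error_code = int(status.get("errorCode", 0) or 0)
        events.append({
            "time": rec.get("time", ""),
            "tenant": rec.get("tenantId", ""),
            "user": props.get("userPrincipalName", ""),
            "ip": props.get("ipAddress", ""),
            "app": props.get("appDisplayName", ""),
            "success": error_code == 0,
            "error_code": error_code,
            "failure_reason": status.get("failureReason", ""),
            "risk": props.get("riskLevelAggregated", ""),
            "ca_status": props.get("conditionalAccessStatus", ""),
        })
    return events


def _rfc5424_time(ts: str) -> str:
    """Trim Azure's 7-digit fractional seconds to the 6 digits RFC 5424 allows."""
    base, dot, rest = ts.partition(".")
    if not dot:
        return ts
    return f"{base}.{rest.rstrip('Z')[:6]}Z"


def _sd_escape(value: str) -> str:
    """Escape the three characters RFC 5424 forbids unescaped in SD-PARAM values."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def to_syslog(event: dict, hostname: str = "azure-forwarder") -> str:
    """Render one parsed sign-in as an RFC 5424 line (assumed layout, not PTA's)."""
    severity = SEVERITY_INFO if event["success"] else SEVERITY_WARNING
    pri = SYSLOG_FACILITY_AUTH * 8 + severity
    result = "success" if event["success"] else "failure"
    params = [("user", event["user"]), ("ip", event["ip"]), ("app", event["app"]),
              ("result", result), ("errorCode", event["error_code"]),
              ("risk", event["risk"]), ("ca", event["ca_status"])]
    sd = "[aad " + " ".join(f'{k}="{_sd_escape(v)}"' for k, v in params) + "]"
    msg = f"Sign-in {result} for {event['user']} from {event['ip']}"
    if event["failure_reason"]:
        msg += f": {event['failure_reason']}"
    return f"<{pri}>1 {_rfc5424_time(event['time'])} {hostname} aad-signin - - {sd} {msg}"


def forward(lines: list, host: str, port: int = 514) -> int:
    """Send lines to a syslog receiver over UDP; the PTA port is an assumption here."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            sock.sendto(line.encode("utf-8"), (host, port))
    return len(lines)


if __name__ == "__main__":
    for line in (to_syslog(e) for e in parse_sign_ins(SAMPLE_EVENT_HUB_BODY)):
        print(line)  # replace with forward(lines, "<pta-host>") to actually ship them
```

In an Event Hub triggered Function App the handler receives exactly such a body per trigger, so parse_sign_ins runs once per batch; the category filter matters because a tenant's diagnostic setting can route AuditLogs and other categories to the same hub, and the non-zero errorCode check is what separates a failed privileged sign-in from a successful one before the record reaches PTA.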