Azure Blob Storage SIEM Forwarding Connector

This connector can be run in the cloud.

The Azure Blob Storage connector enables the export of Ivanti Neurons audit trail logs to a Security Information and Event Management (SIEM) system for enhanced data analysis and monitoring.

Audit logs generated by Ivanti Neurons are periodically written to your designated Azure Blob Storage container. From there, your SIEM system can ingest the data using its existing pipeline.

To connect Microsoft Azure to the Neurons Platform, first create a storage account, or select an existing one, and a corresponding blob container in the Azure portal. This container stores the audit trail logs exported from Ivanti Neurons. Access to the container is granted through a Shared Access Signature (SAS) URL (Blob SAS URL), which must be generated with the appropriate permissions. Use Account key as the signing method.

The SAS URL must include write permissions and have an expiry date set far into the future to ensure continuous access. You must also restrict access to the HTTPS protocol only.

Once generated, the Blob SAS URL will be used in the Neurons Platform to complete the connector configuration. For detailed guidance on generating a SAS token, see Using shared access signatures (SAS) in Azure Storage in the Microsoft Azure documentation.
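The following check is an added example, not part of the Ivanti or Microsoft documentation. It parses a Blob SAS URL's standard query fields (`sr`, `sp`, `spr`, `se`) and reports whether the token meets the requirements above before you paste it into the connector. The 30-day warning threshold, the expectation that the token is container-scoped, and the sample URLs are assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit, urlunsplit

def check_sas_url(sas_url, now=None, min_days=30):
    """Return a list of problems with a Blob SAS URL; an empty list means it passes."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(sas_url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    problems = []
    if parts.scheme != "https":
        problems.append("URL scheme is not https")
    if q.get("sr") != "c":  # signed resource: c = container (assumed scope)
        problems.append("sr is not 'c': token is not container-scoped")
    if "w" not in q.get("sp", ""):  # signed permissions: w = write
        problems.append("sp lacks write (w) permission")
    if q.get("spr") != "https":  # an absent spr defaults to https,http
        problems.append("spr is not 'https': HTTP is also permitted")
    se = q.get("se")  # signed expiry, ISO 8601 in UTC
    if not se:
        problems.append("se (expiry) is missing")
    else:
        expiry = datetime.fromisoformat(se.replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # the date-only form carries no offset
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            problems.append("SAS has expired")
        elif expiry - now < timedelta(days=min_days):
            problems.append(f"SAS expires within {min_days} days")
    return problems

def redact(sas_url):
    """Replace the signature so the URL can be logged or pasted into a ticket."""
    parts = urlsplit(sas_url)
    kept = ["sig=REDACTED" if p.startswith("sig=") else p
            for p in parts.query.split("&")]
    return urlunsplit(parts._replace(query="&".join(kept)))

# Constructed sample values: account, container and signature are placeholders.
BASE = "https://exampleacct.blob.core.windows.net/neurons-audit"
GOOD = BASE + "?sv=2022-11-02&sr=c&sp=w&spr=https&se=2031-01-01T00%3A00%3A00Z&sig=PLACEHOLDER"
WEAK = BASE + "?sv=2022-11-02&sr=c&sp=rl&se=2025-01-10T00%3A00%3A00Z&sig=PLACEHOLDER"
FIXED_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for url in (GOOD, WEAK):
        print(redact(url), check_sas_url(url, now=FIXED_NOW))
```

Running the same check on a schedule flags an approaching expiry before audit log exports stop.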

Options

An Azure Blob Storage connector has the following options:

  • Connector name: A name for the connector.
  • SAS URL for Blob storage container: Enter the Blob SAS URL for your Azure Blob Storage container. Ensure that the SAS URL provides the necessary write permissions for Neurons to upload files.
  • Repeats: How often Neurons should export audit trail data to your Azure Blob Storage.
  • Active: Enable or disable the connector. When active, it exports data according to the defined schedule.
  • Test Connections: Click this button to ensure that Ivanti Neurons can successfully connect to your Azure Blob Storage container using the provided SAS URL.
  • Click Save.

You can save the connector only after you successfully test the connection.

After Ivanti Neurons begins writing audit logs to your Azure Blob Storage container, configure your SIEM solution to ingest the data from that location. Use the ingestion method supported by your specific SIEM platform.

For details on configuring or using connectors, see Connectors.