Configure Azure to Forward Syslog Messages to PTA

PTA integrates with Azure to enable it to send raw data to PTA. PTA analyzes Azure login activities of IAM (Identity Account Management) users based on AAD (Azure Active Directory) sign-in logs.

By monitoring privileged cloud users, PTA detects, alerts, and responds to high-risk privileged access. PTA ensures that privileged users are operating within policy and mitigates the risk of advanced cyber attacks.

The following diagram explains how PTA integrates with Azure to collect and analyze sign-in activities:

PTA provides 2 files, the ARM template (AzureDeployPTAForwarder.json) and the Function App (AzureEventsToPTAForwarder.zip), which you upload and deploy in the Azure environment.

Azure Active Directory sign-in logs are exported to the Event Hub based on Azure security best practices. The Event Hub is created as part of the ARM template deployment. Whenever new data is written to the Event Hub, the Function App is triggered. The Function App parses the logs and sends them to the PTA interface for further processing and analysis.

Before you configure Azure to forward syslog messages to PTA, make sure that:

- PAM - Self-Hosted 11.5 or later is installed and includes the Vault, PVWA, CPM, and PTA.
- You have the following files in your PTA installation package:
  - The ARM template (AzureDeployPTAForwarder.json)
  - The Function App (AzureEventsToPTAForwarder.zip)
- In the systemparm.properties file, the enable_azure_threat_detection parameter is set to true. For more information, see enable_azure_threat_detection.
- You can create a storage account and a dedicated resource group on Azure in the region where you will perform the deployment.
- Your Azure license allows you to export sign-in data. (For example, Azure Active Directory Premium P1 or P2 license.)