Integrating Microsoft Azure

Barracuda XDR retrieves Audit Logs, Sign In Logs, and Activity Logs from Microsoft Azure. These items are read from the Azure Event Hub.

 

Requirements

  • An Azure Premium P1 or P2 license is required.

Integrating Microsoft Azure requires the following procedures:

  • Part 1: Setting Up Azure Event Hub

    • To create Event Hub Namespaces

  • Part 2: Configuring Storage Accounts

    • To initialize Storage Accounts

    • To set up Event Hub Entities

    • To set up an Event Hub Shared Access Policy

  • Part 3: Updating Diagnostic Settings

    • To update diagnostic settings for the sign in log

    • To update diagnostic settings for the audit log and activity log

    • To set up Microsoft Defender for Cloud

  • Part 4: Barracuda XDR Dashboard Setup for Azure

 

Part 1: Setting Up Azure Event Hub

To create Event Hub Namespaces

Note on Azure Event Hub Requirement and Cost

Azure Event Hubs are required by Microsoft’s architecture to export logs from Microsoft to Barracuda XDR. Event Hubs function as a secure and scalable streaming platform, enabling real-time transmission of logs from Microsoft services to external platforms such as Barracuda XDR.

The cost depends entirely on your environment, specifically the volume of events generated. This varies by user activity, alert volume, and policies, so Barracuda cannot provide a cost estimate of Microsoft Storage.

To minimize cost:

  • Use the Basic tier

  • Set retention to 1 day

View Azure Event Hubs Pricing

  1. Navigate to the Azure Event Hub.

  2. Create three Event Hub namespaces, one dedicated to each of the following:

    1. Audit Logs

    2. Sign In Logs

    3. Activity Logs

  3. Click Review and Create.

Part 2: Configuring Storage Accounts

Configuring storage accounts requires the following procedures:

  • To initialize Storage Accounts

  • To set up Event Hub Entities

  • To set up an Event Hub Shared Access Policy

To initialize storage accounts

  1. Navigate to Storage Accounts.

    • Audit Logs

    • Sign In Logs

    • Activity Logs

  2. Click Review and Create.

The deployment may take a while.

To set up Event Hub Entities

  1. In Microsoft Azure, navigate to Event Hubs.

  2. In Event Hubs, select the check box of an Event Hub Namespace that you created in the previous procedure.

  3. Click Create Event Hub.

  4. Repeat steps 2-3 for the rest of the namespaces.

  5. Click Review and Create.

 

To set up an Event Hub Shared Access Policy

  1. In Event Hubs, on the right, click the link for the Event Hub Namespace that you created in the previous procedure.

  2. Click Shared Access Policies.


  3. Click Add.


  4. In Add SAS Policy, in Policy Name, type the name of the namespace.

  5. Select the Manage checkbox.

  6. Repeat steps 1-5 for the rest of the namespaces.
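
The Event Hub steps from Part 1 and Part 2 can also be scripted with the Azure CLI. The following is an added example, not part of the original Barracuda procedure; it does not cover the storage accounts. The resource group, region, name prefix, and the `-hub` entity suffix are constructed placeholders, and the retention flags assume a recent Azure CLI release.

```shell
#!/usr/bin/env bash
# Added example: Azure CLI equivalent of the portal steps for Event Hub
# namespaces, Event Hub entities, and shared access policies.
# All names below are constructed placeholders; replace them before use.
RG="${RG:-example-xdr-rg}"         # assumption: an existing resource group
LOCATION="${LOCATION:-eastus}"     # assumption: your Azure region
PREFIX="${PREFIX:-examplexdr}"     # assumption: namespace names must be globally unique
LOG_TYPES="audit signin activity"  # one namespace per log type, as in Part 1

# Create one Basic-tier namespace, one Event Hub entity inside it, and a
# namespace-level shared access policy named after the namespace.
provision_namespace() {
  ns="$1"
  az eventhubs namespace create \
    --resource-group "$RG" --name "$ns" \
    --location "$LOCATION" --sku Basic || return 1

  # Retention of 1 day (24 hours), per the cost note in Part 1.
  # Older CLI releases used --message-retention 1 instead of these two flags.
  az eventhubs eventhub create \
    --resource-group "$RG" --namespace-name "$ns" --name "${ns}-hub" \
    --cleanup-policy Delete --retention-time-in-hours 24 || return 1

  # The portal's Manage checkbox also selects Send and Listen,
  # so all three rights are passed here.
  az eventhubs namespace authorization-rule create \
    --resource-group "$RG" --namespace-name "$ns" --name "$ns" \
    --rights Manage Send Listen || return 1
}

# Repeat the three steps for the audit, sign-in, and activity namespaces,
# stopping at the first failure so a partial setup is noticed.
provision_all() {
  for t in $LOG_TYPES; do
    provision_namespace "${PREFIX}-${t}" || {
      echo "provisioning failed for ${PREFIX}-${t}" >&2
      return 1
    }
  done
}
```

Source the script after `az login`, then run `provision_all`.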

Part 3: Updating Diagnostic Settings

To update diagnostic settings for the sign in log