Migrate the Azure Storage Analytics Cloud Collector

The Azure Storage Analytics Cloud Collector enables you to ingest logs into the Exabeam Security Operations Platform. If you previously used the Azure Cloud Connector and want to take advantage of the Cloud Collectors service, migration to the new Cloud Collector is recommended. Before you migrate, consider the following:

The ingestion method now leverages Azure Event Hub as the transport mechanism versus the previously supported API.
License Requirements: No additional license is required. The Cloud Collectors app is included with your existing license.
Required Azure Subscriptions: The following table displays minimum Azure subscriptions required per feature.
Feature
Minimum Azure Subscription
Ingestion from EventHub
EventHub Standard or Premium
SaaS Cloud Connectors Support: Both the SaaS Cloud Connectors and the new Cloud Collectors environments can run in parallel.

Feature	Minimum Azure Subscription
Ingestion from EventHub	EventHub Standard or Premium

The following table indicates the Azure Cloud Connector's endpoints that map to the new Cloud Collector Azure Storage Analytics.

Legacy Connector	Legacy Endpoint	New Collector
Azure	Discovered endpoints per Storage Account For example: Storage Analytics - [Storage Account ID: /subscriptions/32t4c123-1234-4d4c-5b87-c839525f033c/resourceGroups/rg_dr_abc/providers/Microsoft.Storage/storageAccounts/lg7r26recoveryvasrcache] Storage Analytics - [Storage Account ID: /subscriptions/c92abc7e-3d7d-44c5-b789-4advbf789dd2/resourceGroups/abcdefghijkl-migrated/providers/Microsoft.Storage/storageAccounts/sggovernance] Storage Analytics - [Storage Account ID: /subscriptions/2abc1234-e4ae-9e55-b3ed-9a8a93a2b27c/resourceGroups/rg_abbcdef_test_dev/providers/Microsoft.Storage/storageAccounts/bootdiag29b679e0132afd01] Storage Analytics - [Storage Account ID: /subscriptions/1234560e-8cac-5rt5-a78d-e4e61d123456/resourceGroups/rg_abcgekrt_prod_infosec/providers/Microsoft.Storage/storageAccounts/datarestoresubprod]	Azure Storage Analytics

Legacy Connector

Legacy Endpoint

New Collector

Azure

Discovered endpoints per Storage Account

For example:

Storage Analytics - [Storage Account ID: /subscriptions/32t4c123-1234-4d4c-5b87-c839525f033c/resourceGroups/rg_dr_abc/providers/Microsoft.Storage/storageAccounts/lg7r26recoveryvasrcache]
Storage Analytics - [Storage Account ID: /subscriptions/c92abc7e-3d7d-44c5-b789-4advbf789dd2/resourceGroups/abcdefghijkl-migrated/providers/Microsoft.Storage/storageAccounts/sggovernance]
Storage Analytics - [Storage Account ID: /subscriptions/2abc1234-e4ae-9e55-b3ed-9a8a93a2b27c/resourceGroups/rg_abbcdef_test_dev/providers/Microsoft.Storage/storageAccounts/bootdiag29b679e0132afd01]
Storage Analytics - [Storage Account ID: /subscriptions/1234560e-8cac-5rt5-a78d-e4e61d123456/resourceGroups/rg_abcgekrt_prod_infosec/providers/Microsoft.Storage/storageAccounts/datarestoresubprod]

Azure Storage Analytics

When you are ready to migrate:

Stop the specific endpoints related to storage analytics for the Azure Cloud Connector.
Refer to the table above for examples of legacy endpoints that you must stop to proceed with creating a new cloud collector instance.
Wait for the running tasks to complete. The user interface indicates the time required for task completion.
Complete the prerequisites for configuring the Azure Storage Analytics Cloud Collector.
Follow the steps to Configure the Azure Storage Analytics Cloud Collector.
Note
It is recommended to create an event hub specifically for storage account logs and use that event hub for multiple storage accounts to ensure that storage account logs are streamed to the same event hub.

CollectorsCloud Collectors Administration Guide

Table of ContentsTable of Contents

Migrate the Azure Storage Analytics Cloud Collector

Note