Prerequisites to Configure the Azure Virtual Network Flow Cloud Collector
Before you configure the Azure Virtual Network Flow Cloud Collector, you must create a Microsoft Entra ID application and complete the following prerequisites to obtain the relevant information.
Create a Microsoft Entra ID application – Create a Microsoft Entra ID application. This includes creating and registering an application in the Microsoft Azure portal, and generating authentication certificates and secrets. Assigning API permissions and granting administration consent are not required for the Azure Virtual Network Flow Cloud Collector.
Assign the Storage Blob Data Reader role to the storage account.
Add a shareable Microsoft account – Create an account in Exabeam Cloud Collectors that can be shared across multiple Microsoft collectors.
Assign the Storage Blob Data Reader Role
Use the following steps to assign the Storage Blob Data Reader role to a storage account in the Azure portal.
Log in to the Microsoft Azure portal by accessing https://portal.azure.com.
In the left pane, to navigate to your storage account, click Storage accounts.
Click the storage account to which you want to assign the role.
Click + Add and click Add role assignment.
In the Role tab, search for and select Storage Blob Data Reader.
This role provides read-only access to blob data in the storage account.
Click Next, and assign access to the required User, Group, or Service Principal.
Click Next and then click Review + assign.
Obtain the Storage Account Name
Use the following steps to obtain the storage account name.
Log in to the Microsoft Azure portal.
To navigate to your storage account in the Azure portal, in the left pane, click Storage accounts or search for Storage accounts in the search box and select the account.
Note the account name. The Overview page displays the storage account name.
Note
Ensure that you use the same storage account while configuring virtual network flow logs. For more information about creating and editing the virtual network flow logs, see Manage VNet flow logs in the Microsoft documentation.
Obtain the Subscription ID of the Storage Account
Use the following steps to obtain the Subscription ID of the storage account.
Log in to the Microsoft Azure portal.
To navigate to your storage account in the Azure portal, in the left pane, click Storage accounts or search for Storage accounts in the search box and select the storage account you used to store the logs.
In Data storage, select Containers.
Select the insights-logs-flowlogflowevent container.
In insights-logs-flowlogflowevent, select the flowLogResourceID= directory. In this path, copy the directory name, which has the format {subscriptionID}_NETWORKWATCHERRG.
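The following is an added example, not part of the Exabeam documentation: it extracts the subscription ID from the copied directory name or from a full blob path, and checks that it is a well-formed GUID before it is entered in the collector configuration. The function names and the sample blob path are constructed for illustration; only the container name, the flowLogResourceID= directory, and the _NETWORKWATCHERRG suffix come from this page.

```python
import uuid

CONTAINER = "insights-logs-flowlogflowevent"  # container named on this page
MARKER = "flowlogresourceid="                 # directory named on this page, lowercased
SUFFIX = "_NETWORKWATCHERRG"                  # directory-name suffix given on this page

# Constructed sample blob name; everything below the subscription directory is
# an assumed layout used only to make the input look realistic.
SAMPLE_BLOB = ("flowLogResourceID=/11111111-2222-3333-4444-555555555555_NETWORKWATCHERRG/"
               "EXAMPLE_FLOWLOG/y=2024/m=05/d=01/h=10/m=00/PT1H.json")


def subscription_id_from_path(path):
    """Extract and validate the subscription ID from a directory name or blob path."""
    segments = [s for s in path.strip().split("/") if s]
    if segments and segments[0].lower() == CONTAINER:
        segments = segments[1:]               # tolerate a leading container name
    lowered = [s.lower() for s in segments]
    if MARKER in lowered:
        pos = lowered.index(MARKER) + 1
        if pos >= len(segments):
            raise ValueError("nothing below the flowLogResourceID= directory")
        directory = segments[pos]
    elif len(segments) == 1:
        directory = segments[0]               # bare directory name copied from the portal
    else:
        raise ValueError("path has no flowLogResourceID= directory")
    if not directory.upper().endswith(SUFFIX):
        raise ValueError(f"{directory!r} does not end with {SUFFIX}")
    candidate = directory[:-len(SUFFIX)]
    try:
        parsed = uuid.UUID(candidate)
    except ValueError:
        raise ValueError(f"{candidate!r} is not a GUID") from None
    # uuid.UUID also accepts braces, urn: prefixes and unhyphenated hex; reject those.
    if str(parsed) != candidate.lower():
        raise ValueError(f"{candidate!r} is not in canonical GUID form")
    return str(parsed)


def subscription_ids_in_listing(blob_names):
    """Return the distinct subscription IDs seen in a container listing, sorted."""
    found = set()
    for name in blob_names:
        try:
            found.add(subscription_id_from_path(name))
        except ValueError:
            continue                          # unrelated blob; ignore it
    return sorted(found)
```

If `subscription_ids_in_listing` returns more than one ID for a container listing, the storage account is receiving flow logs from several subscriptions, so confirm which one the collector should use.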