Azure

DEFEND collects Azure logs from an Azure Storage Account. You'll need to create a storage account, configure Azure to send the logs there, then grant DEFEND access to fetch the logs.

Create Storage Account

First create an Azure Storage Account for storing the exported log files:

Resource Group: FoxTech-SOC-RG

Storage name: foxtechsoc

  • Standard performance
  • Region: UK South
  • Locally-redundant storage (LRS)

  1. Storage Account: foxtechsoc
  2. Add a rule:
  3. If blob was last modified more than 14 days ago, then Delete the blob

Grant access

Now grant DEFEND access to the Storage Account:

Add SOC IP Address:

  1. Go to Storage Account: foxtechsoc
  2. Security + networking > Networking
  3. Firewall: Ask FoxTech support for the DEFEND Log Collector IP you've been allocated.

Collect the Storage Account access keys and provide them to the FoxTech SOC.

Export logs

Finally, configure Azure to export logs to the storage account.

  1. Go to portal.azure.com
  2. Monitor > Activity Log > Export Activity Logs
  3. Select Subscription to monitor
  4. Add Diagnostics setting
    1. Set name to: “FoxTech-SOC”
    2. Select all categories
    3. Archive to a storage account
    4. Select the storage account created earlier: “foxtechsoc”
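
The same setup expressed with the Azure CLI, as an added example that is not part of the original FoxTech instructions. It assumes `az` is installed and logged in to the subscription to monitor; the collector IP is a placeholder, the default-deny firewall setting is an assumption about how the portal's Firewall option maps to the CLI, and collecting the access keys is left as the manual step described above.

```shell
#!/bin/sh
# Added example: CLI equivalent of the portal steps. Names are taken from the page.
LC_ALL=C; export LC_ALL
RG="FoxTech-SOC-RG"; SA="foxtechsoc"; LOC="uksouth"
# Placeholder address (documentation range); use the IP FoxTech support allocates.
COLLECTOR_IP="${COLLECTOR_IP:-203.0.113.10}"

# Storage account names must be 3-24 characters, lowercase letters and digits only.
valid_account_name() {
  case "$1" in ''|*[!a-z0-9]*) return 1 ;; esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
}

# Lifecycle policy: delete blobs last modified more than $1 days ago.
# Both blob types are listed so the rule applies however the export writes its blobs.
lifecycle_policy() {
  printf '{"rules":[{"enabled":true,"name":"delete-after-%sd","type":"Lifecycle","definition":{"actions":{"baseBlob":{"delete":{"daysAfterModificationGreaterThan":%s}}},"filters":{"blobTypes":["blockBlob","appendBlob"]}}}]}' "$1" "$1"
}

# "Select all categories": the Activity Log categories as a --logs JSON array.
log_categories() {
  out=""
  for c in Administrative Security ServiceHealth Alert Recommendation Policy Autoscale ResourceHealth; do
    out="$out${out:+,}{\"category\":\"$c\",\"enabled\":true}"
  done
  printf '[%s]' "$out"
}

apply() {
  set -e
  valid_account_name "$SA" || { echo "invalid storage account name: $SA" >&2; return 1; }
  az storage account create --name "$SA" --resource-group "$RG" \
    --location "$LOC" --sku Standard_LRS --kind StorageV2
  az storage account management-policy create --account-name "$SA" \
    --resource-group "$RG" --policy "$(lifecycle_policy 14)"
  # Allow the collector IP, then deny everything else (assumption: default-deny,
  # keeping the trusted Azure services bypass so the log export can still write).
  az storage account network-rule add --account-name "$SA" \
    --resource-group "$RG" --ip-address "$COLLECTOR_IP"
  az storage account update --name "$SA" --resource-group "$RG" \
    --default-action Deny --bypass AzureServices
  sa_id=$(az storage account show --name "$SA" --resource-group "$RG" --query id -o tsv)
  az monitor diagnostic-settings subscription create --name "FoxTech-SOC" \
    --location "$LOC" --storage-account "$sa_id" --logs "$(log_categories)"
}

# Nothing is changed unless the script is run with the argument "apply".
if [ "${1:-}" = "apply" ]; then apply; fi
```

Run it as `sh setup.sh apply` (the file name is arbitrary); without the argument it only defines the functions, so the generated policy and category JSON can be inspected first.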