Azure Monitor

What is "Persistence Azure Monitor" Hook about?

The Azure Monitor persistenceProvider hook saves all findings and reports into the configured Azure Monitor workspace using the Data Collector API. This allows working with the data in Azure Monitor or Microsoft Sentinel to configure alerting based on new findings. It will create a custom log type for every scantype titled SCB_[scantype_name].

Installing the Azure Monitor persistenceProvider hook will add a ReadOnly Hook to your namespace.

Deployment

The persistence-azure-monitor chart can be deployed via helm:

# Install HelmChart (use -n to configure another namespace)
helm upgrade --install persistence-azure-monitor secureCodeBox/persistence-azure-monitor

Requirements

Kubernetes: >=v1.11.0-0

Additional Chart Configurations

The hook requires the Azure Monitor Workspace ID and its Primary Key for authentication. For details on how to find them, see this page. Create a Kubernetes secret with these values using

# Create the secret (use a leading space to avoid having secrets in your shell history)
# Replace "workspace=your-workspace-id" with your Workspace ID
# Replace "sharedkey=your-shared-key" with your Primary Key
 kubectl create secret generic azure-monitor --from-literal=workspace=your-workspace-id --from-literal=sharedkey=your-shared-key

Then, configure the hook to use this secret when installing it:

helm upgrade --install persistence-azure-monitor . --wait \
             --set="monitor.authentication.apiKeySecret="azure-monitor""

Values

Key	Type	Default	Description
hook.affinity	object	{}	Optional affinity settings that control how the hook job is scheduled (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/)
hook.env	list	[]	Optional environment variables mapped into the hook (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)
hook.extraVolumeMounts	list	[]	Optional VolumeMounts mapped into the hook (see: https://kubernetes.io/docs/concepts/storage/volumes/)
hook.extraVolumes	list	[]	Optional Volumes mapped into the hook (see: https://kubernetes.io/docs/concepts/storage/volumes/)
hook.image.pullPolicy	string	"IfNotPresent"	Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
hook.image.repository	string	"docker.io/securecodebox/hook-persistence-azure-monitor"	Hook image repository
hook.image.tag	string	defaults to the charts version	Container image tag
hook.labels	object	{}	Add Kubernetes Labels to the hook definition
hook.priority	int	0	Hook priority. Higher priority Hooks are guaranteed to execute before low priority Hooks.
hook.resources	object	{ requests: { cpu: "200m", memory: "100Mi" }, limits: { cpu: "400m", memory: "200Mi" } }	Optional resources lets you control resource limits and requests for the hook container. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
hook.tolerations	list	[]	Optional tolerations settings that control how the hook job is scheduled (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
hook.ttlSecondsAfterFinished	string	nil	Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
imagePullSecrets	list	[]	Define imagePullSecrets when a private registry is used (see: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/)
monitor.authentication	object	{"apiKeySecret":null}	Configure authentication schema and credentials the persistence provider should use to connect to Azure Monitor
monitor.authentication.apiKeySecret	string	nil	Link a pre-existing generic secret with workspace and sharedkey key / value pairs
monitor.logtypePrefix	string	"SCB"

License

Code of secureCodeBox is licensed under the Apache License 2.0.