The blobstorage output type sends alerts to individual files in an Azure Storage bucket. The sensor can optionally create the target bucket or buckets so long as it has sufficient permissions.
This output type is commonly used for easy archiving of Alerts in a durable store. It can also be used as the trigger for an ETL process in cloud environments where blob storage write events trigger a cloud function that processes the incoming Alert. At this point Alerts can be enriched, transformed, and shipped out to other systems as needed.
Configuration:
Key | Required | Description |
---|---|---|
type | yes | The output type. |
enabled | yes | Enables/disables the output. |
provider | yes | The cloud provider name. |
bucket_name | yes | The name of the bucket to write to. |
create_bucket | no | Enables/disables bucket creation. |
Azure Specific Configuration:
Key | Env Variable | Required | Description |
---|---|---|---|
azure_account_name | AZURE_ACCOUNT_NAME | yes | The name of the Azure storage account. |
azure_account_key | AZURE_ACCOUNT_KEY | yes | An account key that has permissions to write to the blob container. |
Example sending Alerts to Azure Storage:
alert_output:
  outputs:
    - type: blobstorage
      enabled: true
      bucket_name: capsule8-alerts
      provider: azure
      azure_account_name: <account-name>
      azure_account_key: <account-key>
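A pre-deployment check for the settings in the tables above, as an added example that is not part of the original documentation or the product. It assumes the YAML has already been parsed into a dict, that each Env Variable may stand in for its config key, and that bucket_name maps to an Azure container name; `lint_blobstorage`, `examplestore` and the sample values are hypothetical.

```python
import os
import re

# Keys the page's tables mark as required for a blobstorage output.
REQUIRED = ("type", "enabled", "provider", "bucket_name")
# Azure keys and the environment variables the page lists beside them.
AZURE_KEYS = {"azure_account_name": "AZURE_ACCOUNT_NAME",
              "azure_account_key": "AZURE_ACCOUNT_KEY"}
# Azure naming rules: containers are 3-63 chars of lowercase letters, digits
# and single hyphens; storage accounts are 3-24 lowercase letters and digits.
CONTAINER_RE = re.compile(r"(?=.{3,63}\Z)[a-z0-9]+(-[a-z0-9]+)*")
ACCOUNT_RE = re.compile(r"[a-z0-9]{3,24}")


def lint_blobstorage(output, env=None):
    """Return a list of findings for one parsed `outputs` entry (a dict)."""
    env = os.environ if env is None else env
    findings = []
    for key in REQUIRED:
        if key not in output:
            findings.append(f"missing required key: {key}")
    for key in ("enabled", "create_bucket"):
        if key in output and not isinstance(output[key], bool):
            findings.append(f"{key} must be true or false")
    if output.get("provider") != "azure":
        return findings  # only the Azure settings are documented on this page
    for key, var in AZURE_KEYS.items():
        if not output.get(key) and not env.get(var):
            findings.append(f"{key} not set in config or ${var}")
    name = output.get("azure_account_name") or env.get("AZURE_ACCOUNT_NAME", "")
    if name and not ACCOUNT_RE.fullmatch(str(name)):
        findings.append("azure_account_name is not a valid storage account name")
    bucket = str(output.get("bucket_name", ""))
    if bucket and not CONTAINER_RE.fullmatch(bucket):
        findings.append("bucket_name is not a valid Azure container name")
    if output.get("azure_account_key"):
        # A key in the file is readable by anyone who can read the config.
        findings.append("azure_account_key is stored in the file; "
                        "prefer AZURE_ACCOUNT_KEY and restrict file permissions")
    return findings


# Constructed sample mirroring the page's example, with the key moved to env.
SAMPLE = {"type": "blobstorage", "enabled": True, "provider": "azure",
          "bucket_name": "capsule8-alerts", "azure_account_name": "examplestore"}

if __name__ == "__main__":
    print(lint_blobstorage(SAMPLE, env={"AZURE_ACCOUNT_KEY": "constructed"}))
```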