Skip to main content

Exporting alerts to Console via Azure

  • Updated

1. Azure Storage Account

The first thing that you will need to do is create an azure storage account. You will need to note the account name and azure account key from the credential page.

2. Azure Storage Queue

Next create an Azure storage queue to hold the storage account event notifications. The Console will subscribe to this queue to learn of new alerts. This is necessary in order for the console to display alerts.

3. Azure Storage Queue Event

The last step in Azure is to setup an event when the storage account receives new alerts. To do this, go to the storage events page on the account created earlier and select "+ Event Subscription". For event types only "Blob Created" is needed. For endpoint select "Storage Queue" and then the queue you created earlier.

4. Console

Follow the Capsule8 PackageCloud or Docker registry setup documentation to install the Console in the environment of your choice.

You will need to edit /etc/capsule8/capsule8-console.yaml with the following configuration (fill in the correct values for your setup):

console:
  frontend: https://<dns-or-ip-you-will-use-in-the-browser>
  listen_address: 0.0.0.0:443
  alert_blob_storage_enabled: true
  alert_blob_storage_bucket_name: <azure-blob-container-folder>
  alert_storage_account_name: <storage account name>
  alert_storage_account_key: <storage account key>
  alert_storage_queue_name: <storage queue name>
  auth_session_key: <64 character hexadecimal string>
  database: postgres://<db-user>:<db-password>@<dp-ip-address>:5432/<db-name>

If the frontend value is set incorrectly, you will be able to view the Console but alerts will not show up without a page refresh. You will also see a banner that mentions connectivity issues. Make sure that the frontend value is set to the same base URL you visit in the browser.

5. Sensors

To configure a Capsule8 Sensor in the blob storage-based deployment, you must add the following to /etc/capsule8/capsule8-sensor.yaml where the Sensor is running:

process_lineage_enabled: true
alert_output:
  outputs:
     - type: blobstorage 
       enabled: true 
       bucket_name: <storage blob folder name> 
       provider: azure 
       azure_account_name: <storage account name> 
       azure_account_key: <storage account key>
 
Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.