Skip to content

SA-AzureResources: Technical Guide and Documentation

Populate a KV Store with asset information collected from Azure using the app Splunk Add-on for Microsoft Cloud Services. This supporting add-on contains out of the box searches and KV Store lookups for integrating with the Splunk Enterprise Security Assets and Identities ES Framework.

High-Level Configuration Guide

  • Splunk Add-on for Microsoft Cloud Services will collect the Azure Resource information on a scheduled interval
  • Update, edit and schedule the saved search within this app & populate the KV Stores
  • Once the KV Stores are populated add them to Assets & Identities (A&I)