SA-AzureResources: Technical Guide and Documentation¶
Populate a KV Store with asset information collected from Azure using the app Splunk Add-on for Microsoft Cloud Services. This supporting add-on contains out of the box searches and KV Store lookups for integrating with the Splunk Enterprise Security Assets and Identities ES Framework.
High-Level Configuration Guide¶
- Splunk Add-on for Microsoft Cloud Services will collect the Azure Resource information on a scheduled interval
- Update, edit and schedule the saved search within this app & populate the KV Stores
- Once the KV Stores are populated add them to Assets & Identities (A&I)