...

An analyst wants to detect abusive resource consumption in Azure Virtual Machines. Using the VM Metrics Azure collector to send CPU and disk usage to Devo, the analyst will find machines with too much resource usage. As a result, the analyst will remove the malicious mining programs, preventing them from degrading service and stealing compute.

Example tables

| Table | Description |
| --- | --- |
| cloud.azure.vm.metrics_simple | Virtual machine performance data in Azure |
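The use case above amounts to finding VMs whose CPU stays high for a long, unbroken period rather than spiking briefly. The following is an added example, not Devo's or the collector's own code, and it narrows the check to CPU only. The record fields (`vm`, `ts`, `cpu_pct`), the thresholds and the sample rows are assumptions constructed for illustration, since the page does not show the schema of `cloud.azure.vm.metrics_simple`.

```python
from datetime import datetime, timedelta

# Field names (vm, ts, cpu_pct) and thresholds are assumptions for this example;
# the page does not show the schema of cloud.azure.vm.metrics_simple.
CPU_THRESHOLD = 90.0                  # percent CPU treated as "high"
MIN_DURATION = timedelta(minutes=30)  # how long CPU must stay high to flag
MAX_GAP = timedelta(minutes=10)       # a longer gap between samples ends a run

def sustained_high_cpu(records, threshold=CPU_THRESHOLD,
                       min_duration=MIN_DURATION, max_gap=MAX_GAP):
    """Return {vm: (run_start, run_end)} for each VM's longest qualifying run."""
    by_vm = {}
    for r in records:
        by_vm.setdefault(r["vm"], []).append((r["ts"], r["cpu_pct"]))
    flagged = {}
    for vm, samples in by_vm.items():
        samples.sort()
        start = prev = best = None
        for ts, cpu in samples:
            if cpu >= threshold and prev is not None and ts - prev <= max_gap:
                prev = ts                  # extend the current run
            elif cpu >= threshold:
                start = prev = ts          # first high sample, or gap too long
            else:
                start = prev = None        # a normal sample breaks the run
            if start is not None and (best is None
                                      or prev - start > best[1] - best[0]):
                best = (start, prev)
        if best and best[1] - best[0] >= min_duration:
            flagged[vm] = best
    return flagged

def constructed_samples():
    """Constructed sample rows (not real collector output), 5-minute interval."""
    t0, step, rows = datetime(2024, 1, 1), timedelta(minutes=5), []
    for i in range(13):  # one hour of samples
        rows.append({"vm": "vm-miner", "ts": t0 + i * step, "cpu_pct": 97.0})
        rows.append({"vm": "vm-batch", "ts": t0 + i * step,
                     "cpu_pct": 95.0 if i < 3 else 12.0})  # short legitimate spike
    for base in (t0, t0 + timedelta(hours=2)):  # two short runs, missing data between
        for i in range(5):
            rows.append({"vm": "vm-gappy", "ts": base + i * step, "cpu_pct": 96.0})
    return rows

if __name__ == "__main__":
    for vm, (start, end) in sustained_high_cpu(constructed_samples()).items():
        print(f"{vm}: CPU >= {CPU_THRESHOLD}% from {start} to {end}")
```

Treating a long gap between samples as the end of a run keeps missing collector data from stitching two short bursts into one apparent sustained load.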

Authorize It

Microsoft credentials are confusing. Consult Microsoft collector OAuth authentication before you begin.

  1. Log in to your Azure account and search for Azure Active Directory.

...

  1. Now, click App registrations in the left menu and click the app (or Service Principal) that you are going to use.

...

  1. In the Overview area, find the Application (client) ID and the Directory (tenant) ID.

...

  1. Now click Certificates & Secrets on the menu and create a new client secret by clicking the New client secret button.

Note

Save the client secret value. It is shown only once.

The value contains a tilde ~ character.

...

  1. Get the subscription ID by searching for Subscriptions on the home page.

...

  1. Find the correct subscription and note down the subscription ID.

...

Run It

In the Cloud Collector App, create an Azure Collector instance using this parameter template, replacing the values enclosed in < >.

...