Microsoft Azure collector


Purpose

The Microsoft Azure collector gets data from Azure cloud computing services. Common uses are:

  • Detect malicious Entra ID authentication

  • Detect malicious role, policy, and group changes impacting cloud infrastructure

  • Correlate risky users identified by Entra ID with data you have in Devo

  • Detect malicious Application Gateway traffic

  • Detect failures and measure costs of virtual machines

 

Run It

The Azure Collector has two services:

  • VM Metrics, for Virtual Machines

  • Event Hub, for everything else in Azure

These services should be enabled in separate collector instances.

 

Devo collector features

| Features | Details |
|---|---|
| Allow parallel downloading (multipod) | The vm_metrics service cannot work in multipod mode. If you want to use the event_hubs service in multipod mode, you must not include a vm_service in the same collector. |
| Populated Devo events | table |
| Flattening pre-processing | no |
| Allowed source events obfuscation | yes |
