Azure Event-Driven Harvesting

InsightCloudSec can augment standard polling-based harvesting with Event-Driven Harvesting (EDH). For Azure, InsightCloudSec subscribes to control-plane change events through Azure EventGrid, and those events trigger targeted harvesting of the affected resources.

This dynamic approach to data collection improves InsightCloudSec's cadence for providing resource visibility and opportunities for remediation, and it enriches the data with lifecycle changes that enable auditing. With EDH-provided data, identifying how a resource entered a noncompliant state becomes much easier at scale.

Prerequisites

Before you get started with EDH, you need to ensure you have the following:

  • A basic understanding of the relevant Azure services
  • Appropriate Azure permissions
  • A strategy around the behaviors you want to use to configure EDH

If you have questions or encounter issues, reach out to us through the Customer Support Portal.

Self-Hosted Customers

For self-hosted customers, this feature is only supported using the Fargate ECS via Terraform deployment method. Additionally, regardless of your method of deployment, there are settings that must be configured prior to deployment to prevent issues with EDH functioning correctly. In general, for self-hosted customers interested in using Azure EDH we recommend connecting with your CSM or the Customer Support Portal prior to enabling this feature.

Understanding EDH Concepts

EDH relies on a relationship between a Producer and a Consumer. InsightCloudSec needs a way to pull event data out of Azure Subscriptions with minimal additional infrastructure; this is done with a Service Bus queue. If a Subscription contains a queue that follows our naming convention, InsightCloudSec automatically labels that Subscription as an EDH Consumer.

  • Queue: Method for getting events out of the Subscription and into InsightCloudSec
  • Consumer: Subscription that contains a queue
  • Producer: EventGrid configuration that sends events to the queue
  • ServiceApp Principal: credentials used to pull events from the queue

For a single Azure Subscription, InsightCloudSec consumes events from an Azure Service Bus queue which in turn subscribes to events from Azure’s EventGrid. For each additional Azure Subscription, an EventGrid subscription can be configured to forward events to the first Service Bus queue, allowing for InsightCloudSec to consume events from a single queue.
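The following is an added illustration of the consumer side of the flow described above; it is not InsightCloudSec code and does not reflect how the product parses events. It assumes EventGrid delivers Azure Resource Manager events (Event Grid schema, event types such as `Microsoft.Resources.ResourceWriteSuccess`) into a single Service Bus queue, with a second Subscription forwarding into the same queue. The three queue message bodies are constructed samples, and the `HarvestRequest` structure, the actor fallback from `claims`, and the batch function are hypothetical. The point it shows is that each event identifies which Subscription and which resource changed, who changed it and when, which is what lets a targeted harvest run and a lifecycle audit trail be built instead of re-polling everything.

```python
from __future__ import annotations
import json
from dataclasses import dataclass
from typing import Optional

# ARM event types that imply a state change and therefore a targeted harvest.
# Failed operations change nothing, so they are not listed and get skipped.
EVENT_TYPE_TO_CHANGE = {
    "Microsoft.Resources.ResourceWriteSuccess": "created_or_updated",
    "Microsoft.Resources.ResourceDeleteSuccess": "deleted",
    "Microsoft.Resources.ResourceActionSuccess": "action",
}


@dataclass(frozen=True)
class HarvestRequest:
    """Hypothetical targeted-harvest record derived from one event."""
    subscription_id: str
    resource_type: str   # e.g. "Microsoft.Storage/storageAccounts"
    resource_id: str     # full ARM resource ID taken from the event subject
    change: str          # one of the EVENT_TYPE_TO_CHANGE values
    actor: str           # identity from the event claims (audit trail)
    event_time: str


def subscription_from_subject(subject: str) -> Optional[str]:
    """Return the Subscription ID embedded in an ARM resource ID, or None."""
    parts = subject.strip("/").split("/")
    if len(parts) >= 2 and parts[0] == "subscriptions":
        return parts[1]
    return None


def resource_type_from_subject(subject: str) -> Optional[str]:
    """Return the top-level "<provider>/<type>" of an ARM resource ID, or None
    when the subject is not resource-level (e.g. a resource group)."""
    parts = subject.strip("/").split("/")
    if "providers" not in parts:
        return None
    idx = parts.index("providers")
    if len(parts) < idx + 4:  # need providers/<namespace>/<type>/<name>
        return None
    return f"{parts[idx + 1]}/{parts[idx + 2]}"


def parse_event(body: str) -> tuple[Optional[HarvestRequest], str]:
    """Turn one queue message body into a HarvestRequest.

    Returns (request, "") on success or (None, reason) when the message is
    skipped; the reason is what a consumer would log for troubleshooting.
    """
    try:
        event = json.loads(body)
    except json.JSONDecodeError:
        return None, "body is not JSON"
    change = EVENT_TYPE_TO_CHANGE.get(event.get("eventType", ""))
    if change is None:
        return None, f"ignored event type {event.get('eventType')!r}"
    data = event.get("data") or {}
    subject = event.get("subject", "")
    sub_id = subscription_from_subject(subject)
    # With several Subscriptions forwarding into one queue, the Subscription
    # named in the subject must agree with the one in the event data.
    if not sub_id or sub_id != data.get("subscriptionId"):
        return None, "subscription in subject and data disagree"
    resource_type = resource_type_from_subject(subject)
    if resource_type is None:
        return None, "subject is not a resource-level ARM ID"
    claims = data.get("claims") or {}
    actor = claims.get("name") or claims.get("appid") or "unknown"
    return HarvestRequest(sub_id, resource_type, subject, change, actor,
                          event.get("eventTime", "")), ""


def process_batch(bodies: list[str]) -> tuple[list[HarvestRequest], list[str]]:
    """Consume a batch of queue messages; return (requests, skip_reasons)."""
    requests, skipped = [], []
    for body in bodies:
        req, reason = parse_event(body)
        (requests if req else skipped).append(req if req else reason)
    return requests, skipped


# Constructed sample messages (placeholder IDs, not real Subscriptions).
SUB_A = "11111111-1111-1111-1111-111111111111"
SUB_B = "22222222-2222-2222-2222-222222222222"
SAMPLE_MESSAGES = [
    json.dumps({"eventType": "Microsoft.Resources.ResourceWriteSuccess",
                "eventTime": "2024-01-01T12:00:00Z",
                "subject": f"/subscriptions/{SUB_A}/resourceGroups/demo-rg/providers/Microsoft.Storage/storageAccounts/demostorage",
                "data": {"subscriptionId": SUB_A, "status": "Succeeded",
                         "operationName": "Microsoft.Storage/storageAccounts/write",
                         "claims": {"name": "alice@example.com"}}}),
    json.dumps({"eventType": "Microsoft.Resources.ResourceDeleteSuccess",
                "eventTime": "2024-01-01T12:05:00Z",
                "subject": f"/subscriptions/{SUB_B}/resourceGroups/net-rg/providers/Microsoft.Network/networkSecurityGroups/web-nsg",
                "data": {"subscriptionId": SUB_B, "status": "Succeeded",
                         "operationName": "Microsoft.Network/networkSecurityGroups/delete",
                         "claims": {"appid": "00000000-0000-0000-0000-0000000000aa"}}}),
    json.dumps({"eventType": "Microsoft.Resources.ResourceWriteFailure",
                "subject": f"/subscriptions/{SUB_A}/resourceGroups/demo-rg",
                "data": {"subscriptionId": SUB_A, "status": "Failed"}}),
]

if __name__ == "__main__":
    reqs, skips = process_batch(SAMPLE_MESSAGES)
    for r in reqs:
        print(f"harvest {r.resource_type} in {r.subscription_id}: {r.change} by {r.actor} at {r.event_time}")
    for s in skips:
        print("skipped:", s)
```

Running it yields one harvest request per successful change (one per Subscription, both taken from the same queue) and one skipped failure event. In a real consumer the queue read itself would be done with the Service Bus SDK under the ServiceApp Principal's credentials; the mismatch check is the part worth keeping, since a forwarded event whose subject and data disagree should be logged rather than acted on.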

EDH Supported Resources

For a complete list of supported Azure resources, refer to the EDH - Supported Resources (Azure) page.

Configuration Details

For details on setting up EDH for Azure, check out our EDH - Azure Setup documentation.