diff --git a/source/cloud-security/azure/activity-services/prerequisites/credentials.rst b/source/cloud-security/azure/activity-services/prerequisites/credentials.rst index 2e676aa39e..6770f02a98 100644 --- a/source/cloud-security/azure/activity-services/prerequisites/credentials.rst +++ b/source/cloud-security/azure/activity-services/prerequisites/credentials.rst @@ -35,14 +35,8 @@ Getting access credentials for Storage :align: center :width: 100% - -Authentication options ----------------------- - -There are two different ways to set up the Azure authentication: - Using an authentication file -^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +---------------------------- It is possible to store the credentials in a file for authentication as long as the file content follows the `field = value` format explained below. @@ -113,70 +107,4 @@ Regardless of the service or activity to be monitored, the authentication file i Check the :doc:`azure-logs wodle ` section from the ossec.conf reference page for more information about the ```` and other available parameters. - -Inserting the credentials into the configuration -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -.. deprecated:: 4.4.0 - -Another authentication option is to set up credentials by storing them directly into the Wazuh configuration file ``/var/ossec/etc/ossec.conf``, inside of the ````, ```` and ```` blocks on the module configuration. - -The tags to use are different depending on the type of service or activity to be monitored: - -.. rubric:: Microsoft Graph and Log Analytics - :class: h5 - -.. code-block:: none - :emphasize-lines: 6, 7, 18, 19 - - - no - yes - - - 8b7...c14 - w22...91x - - wazuh.onmicrosoft.com - - AzureActivity - d6b...efa - 1d - - - - - 8b7...c14 - w22...91x - - wazuh.onmicrosoft.com - - auditLogs/directoryAudits - 1d - - - - -.. rubric:: Storage - :class: h5 - -.. code-block:: none - :emphasize-lines: 6, 7 - - - no - yes - - - exampleaccountname - w22...91x - - - .json - json_inline - 24h - - - - Take a look at the :doc:`azure-logs wodle ` entry from the ``ossec.conf`` reference page for more information about the parameters. diff --git a/source/user-manual/reference/ossec-conf/wodle-azure-logs.rst b/source/user-manual/reference/ossec-conf/wodle-azure-logs.rst index b70d625bd6..df82ac0ee0 100644 --- a/source/user-manual/reference/ossec-conf/wodle-azure-logs.rst +++ b/source/user-manual/reference/ossec-conf/wodle-azure-logs.rst @@ -29,8 +29,6 @@ Options - `time`_ - `timeout`_ - `log_analytics`_ -- `log_analytics\\application_id`_ -- `log_analytics\\application_key`_ - `log_analytics\\auth_path`_ - `log_analytics\\tenantdomain`_ - `log_analytics\\request`_ @@ -39,8 +37,6 @@ Options - `log_analytics\\request\\workspace`_ - `log_analytics\\request\\timeout`_ - `log_analytics\\request\\time_offset`_ -- `graph\\application_id`_ -- `graph\\application_key`_ - `graph\\auth_path`_ - `graph\\tenantdomain`_ - `graph\\request`_ @@ -48,8 +44,6 @@ Options - `graph\\request\\query`_ - `graph\\request\\timeout`_ - `graph\\request\\time_offset`_ -- `storage\\account_name`_ -- `storage\\account_key`_ - `storage\\auth_path`_ - `storage\\tag`_ - `storage\\container`_ @@ -76,10 +70,6 @@ Options +----------------------------------------+----------------------------------------------+ | `log_analytics`_ | N/A | +----------------------------------------+----------------------------------------------+ -| `log_analytics\\application_id`_ | Any string | -+----------------------------------------+----------------------------------------------+ -| `log_analytics\\application_key`_ | Any string | -+----------------------------------------+----------------------------------------------+ | `log_analytics\\auth_path`_ | File path | +----------------------------------------+----------------------------------------------+ | `log_analytics\\tenantdomain`_ | Any string | @@ -98,10 +88,6 @@ Options +----------------------------------------+----------------------------------------------+ | `graph`_ | N/A | +----------------------------------------+----------------------------------------------+ -| `graph\\application_id`_ | Any string | -+----------------------------------------+----------------------------------------------+ -| `graph\\application_key`_ | Any string | -+----------------------------------------+----------------------------------------------+ | `graph\\auth_path`_ | File path | +----------------------------------------+----------------------------------------------+ | `graph\\tenantdomain`_ | Any string | @@ -118,10 +104,6 @@ Options +----------------------------------------+----------------------------------------------+ | `storage`_ | N/A | +----------------------------------------+----------------------------------------------+ -| `storage\\account_name`_ | Any string | -+----------------------------------------+----------------------------------------------+ -| `storage\\account_key`_ | Any string | -+----------------------------------------+----------------------------------------------+ | `storage\\auth_path`_ | File path | +----------------------------------------+----------------------------------------------+ | `storage\\tag`_ | Any string | @@ -248,8 +230,6 @@ Defines the use of the Azure Log Analytics REST API to get the desired logs. This block configures the integration with Azure Log Analytics REST API. -- `log_analytics\\application_id`_ -- `log_analytics\\application_key`_ - `log_analytics\\auth_path`_ - `log_analytics\\tenantdomain`_ - `log_analytics\\request`_ @@ -257,10 +237,6 @@ This block configures the integration with Azure Log Analytics REST API. +----------------------------------------+----------------------------------------------+ | Options | Allowed values | +========================================+==============================================+ -| `log_analytics\\application_id`_ | Any string | -+----------------------------------------+----------------------------------------------+ -| `log_analytics\\application_key`_ | Any string | -+----------------------------------------+----------------------------------------------+ | `log_analytics\\auth_path`_ | File path | +----------------------------------------+----------------------------------------------+ | `log_analytics\\tenantdomain`_ | Any string | @@ -268,32 +244,10 @@ This block configures the integration with Azure Log Analytics REST API. | `log_analytics\\request`_ | N/A | +----------------------------------------+----------------------------------------------+ -log_analytics\\application_id -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Identifier of the application that we will use for the authentication and to be able to use the Azure Log Analytics API. It must be used next to the ``application_key`` option obligatorily. Incompatible with ``auth_path`` option. - -+--------------------+--------------------+ -| **Default value** | N/A | -+--------------------+--------------------+ -| **Allowed values** | Any string | -+--------------------+--------------------+ - -log_analytics\\application_key -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Key to the application we will use for authentication and to be able to use the Azure Log Analytics API. It must be used next to the ``application_id`` option obligatorily. Incompatible with ``auth_path`` option. - -+--------------------+--------------------+ -| **Default value** | N/A | -+--------------------+--------------------+ -| **Allowed values** | Any string | -+--------------------+--------------------+ - log_analytics\\auth_path ^^^^^^^^^^^^^^^^^^^^^^^^ -Path of the file that contains the application identifier and the application key for authentication in order to use the Azure Log Analytics API. Incompatible with ``application_id`` and ``application_key`` options. +Path of the file that contains the application identifier and the application key for authentication in order to use the Azure Log Analytics API. +--------------------+--------------------+ | **Default value** | N/A | @@ -440,8 +394,6 @@ graph This block configures the integration with Azure Active Directory Graph REST API. -- `graph\\application_id`_ -- `graph\\application_key`_ - `graph\\auth_path`_ - `graph\\tenantdomain`_ - `graph\\request`_ @@ -449,10 +401,6 @@ This block configures the integration with Azure Active Directory Graph REST API +----------------------------------+----------------------------------------------+ | Options | Allowed values | +==================================+==============================================+ -| `graph\\application_id`_ | Any string | -+----------------------------------+----------------------------------------------+ -| `graph\\application_key`_ | Any string | -+----------------------------------+----------------------------------------------+ | `graph\\auth_path`_ | File path | +----------------------------------+----------------------------------------------+ | `graph\\tenantdomain`_ | Any string | @@ -460,32 +408,10 @@ This block configures the integration with Azure Active Directory Graph REST API | `graph\\request`_ | N/A | +----------------------------------+----------------------------------------------+ -graph\\application_id -^^^^^^^^^^^^^^^^^^^^^ - -Identifier of the application that we will use for the authentication and to be able to use the Azure Active Directory Graph API. It must be used next to the ``application_key`` option obligatorily. Incompatible with ``auth_path`` option. - -+--------------------+--------------------+ -| **Default value** | N/A | -+--------------------+--------------------+ -| **Allowed values** | Any string | -+--------------------+--------------------+ - -graph\\application_key -^^^^^^^^^^^^^^^^^^^^^^ - -Key to the application we will use for authentication and to be able to use the Azure Active Directory Graph API. It must be used next to the ``application_id`` option obligatorily. Incompatible with ``auth_path`` option. - -+--------------------+--------------------+ -| **Default value** | N/A | -+--------------------+--------------------+ -| **Allowed values** | Any string | -+--------------------+--------------------+ - graph\\auth_path ^^^^^^^^^^^^^^^^ -Path of the file that contains the application identifier and the application key for authentication in order to use the Azure Active Directory Graph API. Incompatible with the ``application_id`` and ``application_key`` options. Check the :doc:`credentials ` reference for more information about this topic. +Path of the file that contains the application identifier and the application key for authentication in order to use the AAD Graph API. +--------------------+--------------------+ | **Default value** | N/A | @@ -603,8 +529,6 @@ storage This block configures the integration with Azure Storage. -- `storage\\account_name`_ -- `storage\\account_key`_ - `storage\\auth_path`_ - `storage\\tag`_ - `storage\\container`_ @@ -612,10 +536,6 @@ This block configures the integration with Azure Storage. +----------------------------------+----------------------------------------------+ | Options | Allowed values | +==================================+==============================================+ -| `storage\\account_name`_ | Any string | -+----------------------------------+----------------------------------------------+ -| `storage\\account_key`_ | Any string | -+----------------------------------+----------------------------------------------+ | `storage\\auth_path`_ | File path | +----------------------------------+----------------------------------------------+ | `storage\\tag`_ | Any string | @@ -623,32 +543,10 @@ This block configures the integration with Azure Storage. | `storage\\container`_ | N/A | +----------------------------------+----------------------------------------------+ -storage\\account_name -^^^^^^^^^^^^^^^^^^^^^ - -Identifier of the account name that we will use for the authentication- It must be used next to the ``account_key`` option obligatorily. Incompatible with ``auth_path`` option. - -+--------------------+--------------------+ -| **Default value** | N/A | -+--------------------+--------------------+ -| **Allowed values** | Any string | -+--------------------+--------------------+ - -storage\\account_key -^^^^^^^^^^^^^^^^^^^^ - -Identifier of the account key that we will use for the authentication- It must be used next to the ``account_name`` option obligatorily. Incompatible with ``auth_path`` option. - -+--------------------+--------------------+ -| **Default value** | N/A | -+--------------------+--------------------+ -| **Allowed values** | Any string | -+--------------------+--------------------+ - storage\\auth_path ^^^^^^^^^^^^^^^^^^ -Path of the file that contains the account name and the account key for authentication. Incompatible with ``account_name`` and ``account_key`` options. +Path of the file that contains the account name and the account key for authentication. +--------------------+--------------------+ | **Default value** | N/A |