Enable internet access to the blob storage account
1. From the blob storage account, select the Firewalls and virtual networks setting.
2.
Select Allow access from All networks, then save your changes.
Generate an Azure Storage Account Shared Access
Signature URL
After you create a storage account, generate a shared access signature (SAS) for the
storage account to allow Secure Cloud Analytics permission to retrieve the flow log data
from the storage account. Then, copy the Blob service SASURL. Secure Cloud Analytics
uses the Blob service SASURL to retrieve the flow log data from the storage account.
SASpermissions are time-limited, based on configuration. If your
SASpermissions expire, Secure Cloud Analytics cannot retrieve flow log data
from the storage account.
1. Log into your Azure portal.
2. Select More Services >Storage >Storage Accounts.
3. Select the storage account configured to store flow log data.
4. Select Shared access signature.
5. In the Allowed services field, select the Blob.
6. In the Allowed resource types field, select Service, Container, and Object.
7. In the Allowed permissions, select Read and List .
8. Enter a Start time corresponding to your current time.
9. Enter an End time corresponding to at least one year from the current time.
10. In the Allowed protocols field, select the HTTPS only.
11. Click Generate SASand connection string.
12. Copy the Blob service SASURLand paste it into a plaintext editor.
If restricting access to this storage account based on IP, make sure that
communication with the relevant IPs is allowed. Go to your Secure Cloud
Analytics web portal, select Settings > Integrations > Azure > About to see the
list of public IPs used by Secure Cloud Analytics.
Enable Azure Network Watcher
After you generate the blob storage SASURL, enable Network Watcher in the region
containing your resource groups, if you have not already enabled it. Azure requires
© 2023 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 8 -
Azure Configuration