Day 8 #100DaysOfCloud

Azure Event Hubs is a real-time data service that can ingest millions of events per second from almost any data source.

It’s possible, for example, to send all Security alerts and Security Recommendations directly to an Event Hub for onward storage and processing.

Creating an Azure Event Hub

Prerequisites:

  1. Azure Subscription (create a free one here)
  2. Resource Group for Event Hub resources

Steps:

  • In the filter field, enter Event Hubs, and press Enter, then choose Event Hubs from the list
  • In the Event Hubs blade, choose Add to create a new Namespace
  • Provide Basic information on Resource Group and choose an Instance, then choose Review + Create
  • Once complete, load your Event Hubs Namespace in the portal and choose Event Hubs
  • Choose Event Hub
  • Choose a name for the Event Hub and click Create.
    • Note: The number of Partitions can be increased to allow the Event Hub to scale. Message Retention is limited (fixed) to 1 day for the Basic Event Hub, but can be configured for up to 7 days for the Standard Tier.
  • Once Created, your Event Hub instance is ready to use

Event Hub Policy

Before data can be sent to or exported from an Event Hub, a Shared Access Signature (SAS) policy is required.

  • From within your Event Hub Instance, choose Shared Access Policies

Choose Add, then enter a Policy name and choose from the following rights:

  • Send – Gives the right to send messages to the entity
  • Listen – Gives the right to listen to or receive from the entity
  • Manage – Gives the right to manage the topology of the namespace, including creation and deletion of entities
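
How a policy name and key turn into the SAS token a client presents, as an added example that is not part of the original post. It uses the documented Event Hubs SAS token format; the namespace, hub, policy name and key below are constructed placeholders.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote, parse_qs

# Constructed sample values: namespace, hub, policy name and key are placeholders.
RESOURCE_URI = "https://example-ns.servicebus.windows.net/security-alerts"
POLICY_NAME = "send-only"
POLICY_KEY = "constructed-demo-key-not-a-real-secret"


def _sign(encoded_uri, expiry, policy_key):
    """HMAC-SHA256 over '<url-encoded uri>\\n<expiry>', base64 encoded."""
    msg = f"{encoded_uri}\n{expiry}".encode("utf-8")
    digest = hmac.new(policy_key.encode("utf-8"), msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def generate_sas_token(resource_uri, policy_name, policy_key, ttl_seconds=900, now=None):
    """Return a SAS token scoped to resource_uri that expires after ttl_seconds."""
    if ttl_seconds <= 0:
        raise ValueError("ttl_seconds must be positive")
    expiry = int(time.time() if now is None else now) + ttl_seconds
    encoded_uri = quote(resource_uri, safe="")
    sig = quote(_sign(encoded_uri, expiry, policy_key), safe="")
    return f"SharedAccessSignature sr={encoded_uri}&sig={sig}&se={expiry}&skn={policy_name}"


def inspect_sas_token(token, policy_key, now=None):
    """Parse a token and report its scope, policy, expiry and signature validity."""
    scheme, _, query = token.partition(" ")
    if scheme != "SharedAccessSignature":
        raise ValueError("not a SAS token")
    fields = {k: v[0] for k, v in parse_qs(query, strict_parsing=True).items()}
    expiry = int(fields["se"])
    expected = _sign(quote(fields["sr"], safe=""), expiry, policy_key)
    return {
        "resource": fields["sr"],
        "policy": fields["skn"],
        "expired": (time.time() if now is None else now) >= expiry,
        "signature_ok": hmac.compare_digest(expected, fields["sig"]),
    }


if __name__ == "__main__":
    token = generate_sas_token(RESOURCE_URI, POLICY_NAME, POLICY_KEY)
    print(inspect_sas_token(token, POLICY_KEY))
```

Signing with the key of a Send-only policy means a leaked token can publish to this hub until it expires, but cannot receive events or manage the namespace.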

What next?

I’m still exploring all the ways Event Hubs can be used, but in my next post I will be covering how to integrate & make use of an Event Hub to store and forward security events to a SIEM! I’m as excited as you are.
