andedevsecops/Auth0Logs-Connector

Auth0 Logs Ingestion to Azure Sentinel

Auth0 provides event logs that you can analyze to enhance Security and Operational Monitoring and Insights. This custom Azure Sentinel Data connector ingests critical security signals coming from Auth0. Security teams can monitor authorization traffic, analyze anomalies, and set up alerts for high-risk actions with higher confidence.

Auth0LogsIngestionFlow

Pre-requisites

  1. Click on Deploy to Azure (For both Commercial & Azure GOV)

  2. Select the preferred Subscription, Resource Group and Location
    Note
    Best practice: Create a new Resource Group while deploying. All the resources of your custom Data connector will reside in the newly created Resource Group.

  3. Enter the following values in the ARM template deployment

    "Function App Name": Auth0 Logs Function App Name
    "Workspace Id": Azure Log Analytics Workspace Id
    "Workspace Key": Azure Log Analytics Workspace Key


Configuration Steps to Ingest Auth0 Logs

  1. The Auth0 Logs to Azure Blob Storage extension consists of a scheduled job that exports your Auth0 logs to Azure Blob Storage, which is a service that stores unstructured object data, such as text or binary data, in the cloud as objects/blobs

  2. The Pre-requisites deployment step created an Azure Storage Account called <><>sa and an "auth0sourcelogs" container.

  3. From the Storage Account Settings section, click Access keys. Copy either storage account key value; you will need it in the next section

  4. Configure Export Logs to Azure Blob Storage extension
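
Once the export is running, the Auth0 events can be screened for the high-risk patterns mentioned in the introduction. The following is an added example, not code from this repository: it assumes the exported records are Auth0 log events with the `date`, `type`, `ip` and `user_name` fields, one JSON object per line, and it uses constructed sample records, a hypothetical threshold and hypothetical function names.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

FAILED = {"f", "fp", "fu"}          # Auth0 failed-login event type codes
BLOCKED = {"limit_wc", "limit_mu"}  # Auth0 blocked-account / blocked-IP codes

# Constructed sample export: one JSON event per line (layout is an assumption).
SAMPLE_LOGS = """\
{"date":"2024-01-01T10:00:00.000Z","type":"fp","ip":"203.0.113.7","user_name":"alice@example.com"}
{"date":"2024-01-01T10:00:40.000Z","type":"fp","ip":"203.0.113.7","user_name":"alice@example.com"}
{"date":"2024-01-01T10:01:10.000Z","type":"fp","ip":"203.0.113.7","user_name":"alice@example.com"}
{"date":"2024-01-01T10:01:15.000Z","type":"limit_wc","ip":"203.0.113.7","user_name":"alice@example.com"}
{"date":"2024-01-01T10:02:00.000Z","type":"fu","ip":"198.51.100.9","user_name":"bob@example.com"}
{"date":"2024-01-01T10:02:05.000Z","type":"fu","ip":"198.51.100.9","user_name":"carol@example.com"}
{"date":"2024-01-01T10:02:09.000Z","type":"fu","ip":"198.51.100.9","user_name":"dave@example.com"}
{"date":"2024-01-01T10:03:00.000Z","type":"s","ip":"192.0.2.10","user_name":"erin@example.com"}
{"date":"2024-01-01T10:04:00.000Z","type":"fp","ip":"192.0.2.10"
"""

def parse_events(text):
    """Parse newline-delimited JSON events, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            ev["_ts"] = datetime.strptime(ev["date"], "%Y-%m-%dT%H:%M:%S.%fZ")
        except (ValueError, KeyError, TypeError):
            continue  # truncated or non-event line: ignore rather than crash
        events.append(ev)
    return events

def find_alerts(events, threshold=3, window=timedelta(minutes=5)):
    """Return sorted (ip, reason) pairs for blocks and bursts of failed logins."""
    alerts, failures = set(), defaultdict(list)
    for ev in sorted(events, key=lambda e: e["_ts"]):
        ip, etype = ev.get("ip"), ev.get("type")
        if etype in BLOCKED:
            alerts.add((ip, "auth0_block"))
        elif etype in FAILED:
            failures[ip].append((ev["_ts"], ev.get("user_name")))
            recent = [f for f in failures[ip] if ev["_ts"] - f[0] <= window]
            if len(recent) >= threshold:
                users = {user for _, user in recent}
                # Many distinct accounts from one IP suggests spraying.
                alerts.add((ip, "password_spray" if len(users) >= threshold else "brute_force"))
    return sorted(alerts)
```
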
