Setting up your Azure Data Explorer cluster in the Azure Portal
-
Sign up for an Azure account; at portal.azure.com/
-
In the Azure portal menu: go to Azure Data Explorer cluster
3. Create a new Azure Data explorer cluster
4. Add a dabase to your Cluster. Name it "SecurityLogs"
-
Look for app registrations in the resource menu
-
Register an applicaiton and give it a name. I named mine "kc7app", but you can name it anything (I would recommend giving it a meaningful name).
-
Give your registered app API permissions to your ADX cluster
API Permissions > Add a permission > Azure Data explorer
-
In the next screen add a
user_impersonationpermission
-
Generate a client secret for your application (NOTE: The app secret can only be viewed right after you create it. So be sure to copy it (the value) down somewhere. You will need this later).
-
You will find your app client Id in the overview section of your registered app.
-
Go back to your ADX cluster and add your registered application as an Service admin
Azure Data Explorer > Your ADX cluser > Permissions > Add database admin > Select your registered app name
Next you have to fill in the required variables page in the config.py
################################
# AZURE ENVIRONMENT VARIABLES
# FOLLOW THE README TO REPLACE THESE VALUES
################################
AAD_TENANT_ID = "{YOUR TENANT ID}" #https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant
KUSTO_URI = "https://{clustername}.eastus.kusto.windows.net"
KUSTO_INGEST_URI = "https://ingest-{clustername}.eastus.kusto.windows.net"
DATABASE = "SecurityLogs"
# Register an azure application and generate secrets
# give the app permission to edit your azure data explorer cluster
# App secret can only be seen right after creation
CLIENT_ID = "{YOUR REGISTERED APP CLIENT ID}"
CLIENT_SECRET = "{YOUR RESTERED APP CLIENT SECRET}"You will find your kusto url variables in the overview section of your ADX cluster.
