Azure Event Hub

Cortex Cloud Runtime Security Documentation

Product: Cortex Cloud Application Security > Cortex CLOUD
License: Cloud Runtime Security
Creation date: 2024-12-24
Last date published: 2026-06-04
Category: Administrator Guide
Abstract: Learn more about the Azure Event Hub standard data source and content pack in Cortex Cloud.

You can configure the collection of Azure Event Hub logs using either a standard data source or a content pack:

Azure Event Hub vendor | Description

Standard data source overview | Forward different types of logs to Cortex Cloud from Azure Event Hub using the Microsoft Azure Event Hub data source.

Link to standard data source instructions | The following types of logs can be ingested from Azure Event Hub:

  • Activity logs

  • Microsoft Entra ID Activity logs and Microsoft Entra ID Sign-in logs

  • Resource logs, including AKS audit logs

For more information, see Ingest logs from Microsoft Azure Event Hub.

Link to content pack details | Azure Logs: Use this content pack to ingest and normalize various Azure logs to the Cortex Data Model (XDM) schema, including Azure Entra ID events ingested via the Office 365 data source, and Azure Logs ingested via the Microsoft Azure Event Hub data source. It includes modeling and parsing rules for log normalization.