Pkafka
This topic allows you to enable Pkafka for real-time audits in Privacera Discovery.
Prerequisites
Ensure the following prerequisites are met:
-
Create an Event Hub namespace with a region similar to the region of a Storage Account you want to monitor. For more information, refer to Microsoft's documentation Create an Event Hubs namespace.
-
Create Event Hub in the Event Hub namespace. For more information, refer to Microsoft's documentation Create an event hub.
-
Create a consumer group in the Event Hub.
Azure Portal > Event Hubs namespace > Event Hub > Consumer Groups > +Consumer Group. The Consumer Groups tab will be under Entities of the Event Hub page.
-
Get the connection string of the Event Hubs namespace. For more information, refer to Microsoft's documentation Get connection string from the portal.
-
Create an Event Subscription for the Event Hubs namespace with the Event Type as Blob Created and Blob Deleted. For more information, refer to Microsoft's documentation Create an Event Grid subscription.
Note
When you create an event grid subscription, clear the checkbox Enable subject filtering.
CLI Configuration
-
SSH to the instance where Privacera is installed.
-
Run the following commands.
cd ~/privacera/privacera-manager cp config/sample-vars/vars.pkafka.azure.yml config/custom-vars/ vi config/custom-vars/vars.pkafka.azure.yml
-
Edit the following properties. For property details and description, refer to the Configuration Properties below.
PKAFKA_EVENT_HUB: "<PLEASE_CHANGE>" PKAFKA_EVENT_HUB_NAMESPACE: "<PLEASE_CHANGE>" PKAFKA_EVENT_HUB_CONSUMER_GROUP: "<PLEASE_CHANGE>" PKAFKA_EVENT_HUB_CONNECTION_STRING: "<PLEASE_CHANGE>" DISCOVERY_REALTIME_ENABLE: "true"
-
Run the following commands.
cd ~/privacera/privacera-manager ./privacera-manager.sh update
Configuration Properties
Property | Description | Example |
---|---|---|
PKAFKA_EVENT_HUB | Enter the Event Hub name. Get it from the Prerequisites section above. | eventhub1 |
PKAFKA_EVENT_HUB_NAMESPACE | Enter the name of the Event Hub namespace. Get it from the Prerequisites section above. | eventhubnamespace1 |
PKAFKA_EVENT_HUB_CONSUMER_GROUP | Enter the name of the Consumer Group. Get it from the Prerequisites section above. | congroup1 |
PKAFKA_EVENT_HUB_CONNECTION_STRING | Enter the connection string. Get it from the Prerequisites section above. | Endpoint=sb://eventhub1.servicebus.windows.net/; SharedAccessKeyName=RootManageSharedAccessKey; SharedAccessKey=sAmPLEP/8PytEsT= |
DISCOVERY_REALTIME_ENABLE
|
Add this property to enable/disable real-time scan. By default, it is set to false. Note: This is a custom property, and has to be added separately to the YAML file. For real-time scan to work, ensure the following:
|
true |