Push-based CrowdStrike Falcon LogScale integration for Azure.
This repo contains a service for listening to an Azure Event Hub and pushing all events to LogScale, as well as Bicep scripts for setting up the necessary infrastructure in Azure, including sending Azure Activity Log data.
Be aware that this will incur additional costs from Azure. Azure Pricing Calculator
- .NET 8.0 or later
- Azure Bicep CLI
- LogScale API token and endpoint URL
| Name | Description | Optional? | Default Value |
|---|---|---|---|
| LogScale Endpoint | Endpoint of your LogScale server, e.g. ops.us.humio.com. |
No | |
| Ingest Token | Ingest token from LogScale. Section on ingest tokens in the LogScale documentation. | No | |
| Azure Location Name | Location name of Azure location. List available values with az account list-locations -o table. |
Yes | eastus |
| Deployment Name | Name of deployment in Azure. | Yes | logscaleingest |
./deploy.sh logscale-endpoint ingest-tokenExample:
./deploy.sh ops.us.humio.com 01234567-89ab-cdef-0123-456789abcdef./deploy.sh logscale-endpoint ingest-token location deployment-name
Example with default values:
./deploy.sh ops.us.humio.com 01234567-89ab-cdef-0123-456789abcdef eastus logscaleingestA few other settings can be configured in deploy.bicepparam.
If you wish to remove the integration, simply delete the created resource group and the appropriate diagnostic setting.
If you encounter any issues, you can create an issue on our Github repo for bugs, enhancements, or other requests.
You can contribute by:
- Raising any issues you find during usage
- Fixing issues by opening Pull Requests
- Improving documentation
All bugs, tasks or enhancements are tracked as GitHub issues.
- LogScale Introduction: LogScale Beginner Introduction
- LogScale Training: LogScale Overview
- More about Falcon LogScale: Falcon LogScale Services