In the earlier article, we saw how to establish the connection between the Audit Log and Event Hub. Now, let us create an Azure Function and try to capture the Delete User activity. Whenever a user is deleted from Active Directory, the deletion is captured in the Audit Log, a message is sent to the Event Hub, and from there an Azure Function is triggered. That’s the flow.
1. Now, let us go back to the Portal and Create an Azure Function.
2. Now, once the Function App is created, let us create the functions.
3. For the trigger type, I am selecting “Azure Event Hub Trigger”.
4. Now, map the Event Hub which we created in the earlier article.
5. Configure the data as below.
6. With this, we are done with our configuration. Now, let us go back to our Active Directory and delete a user.
7. Now, let us wait for a few minutes. We need to verify in 3 places.
a. Audit Logs
b. Event Hub
c. Function App – Execution
8. Audit Logs
9. Event Hub
10. Azure Function App Monitoring
We have now seen that the Azure Function was triggered and wrote the message to the log. In the next article, let us see how to create a custom Azure Function and process this message in a meaningful way.
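As an added example (not code from the original article), here is a Node.js Event Hub-triggered function that picks the Delete User activity out of the streamed audit messages and logs who deleted whom. The `records`, `operationName`, `properties.targetResources` and `properties.initiatedBy` field names are assumed from the audit log schema as streamed to Event Hub, and the sample message is constructed.

```javascript
// Added example: field names follow the Azure AD audit log schema as streamed
// to Event Hub (assumed; verify against a message captured in your own tenant).
const DELETE_USER = "Delete user";

// Accept a message as a JSON string or as an already-parsed object.
function parseMessage(message) {
  if (typeof message !== "string") return message;
  try { return JSON.parse(message); } catch (err) { return null; } // skip malformed payloads
}

// Return one summary per "Delete user" audit record found in the batch.
function findUserDeletions(eventHubMessages) {
  const batch = Array.isArray(eventHubMessages) ? eventHubMessages : [eventHubMessages];
  const deletions = [];
  for (const message of batch) {
    const body = parseMessage(message);
    const records = body && Array.isArray(body.records) ? body.records : [];
    for (const record of records) {
      if (!record || record.category !== "AuditLogs" || record.operationName !== DELETE_USER) continue;
      const props = record.properties || {};
      const target = (props.targetResources || [])[0] || {};
      const actor = props.initiatedBy || {};
      deletions.push({
        time: record.time,
        result: props.result || "unknown",
        deletedUser: target.userPrincipalName || target.displayName || target.id || "unknown",
        initiatedBy: (actor.user && actor.user.userPrincipalName) ||
          (actor.app && actor.app.displayName) || "unknown",
      });
    }
  }
  return deletions;
}

// Event Hub trigger entry point (Node.js model with function.json bindings).
async function auditLogTrigger(context, eventHubMessages) {
  for (const d of findUserDeletions(eventHubMessages)) {
    context.log(`User deleted: ${d.deletedUser} by ${d.initiatedBy} at ${d.time} (${d.result})`);
  }
}
if (typeof module !== "undefined") module.exports = auditLogTrigger;

// Constructed sample message, not captured from a real tenant.
const SAMPLE_MESSAGE = JSON.stringify({ records: [
  { time: "2020-01-01T10:00:00Z", category: "AuditLogs", operationName: "Delete user",
    properties: { result: "success",
      initiatedBy: { user: { userPrincipalName: "admin@example.com" } },
      targetResources: [{ type: "User", userPrincipalName: "jane.doe@example.com" }] } },
  { time: "2020-01-01T10:05:00Z", category: "AuditLogs", operationName: "Add user", properties: {} },
] });
```

Filtering on both `category` and `operationName` keeps the function quiet for the other audit activities that arrive on the same Event Hub.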
Happy Coding
Sathish Nadarajan