Hi,
We have QRadar set up and I'm trying to get logs from an event hub over to QRadar. I have followed the instructions given by both IBM and Microsoft and created both the event hub and storage account as per these.
https://www.ibm.com/docs/en/dsm?topic=options-configuring-microsoft-azure-event-hubs-communicate-qradar
https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/stream-monitoring-data-event-hubs
When I run a connectivity test from QRadar, it outputs an error saying it is unable to connect to the storage account (see below):
Error: An error occurred that represents an exception for the Microsoft Azure Storage Service.
Error: Unable to connect to the Storage Account [****]. Ensure that the Storage Account Connection String is valid and that QRadar can connect to [****.blob.core.windows.net]
Error: The error didn't provide an error message that could be posted.
Before this, it successfully parses the event hub and storage account connection strings, the DNS resolution and TCP/SSL connections to both then succeed, and it successfully downloads the certificates.
I don't know what I've done wrong here. Are there permissions for QRadar that I need to set for the storage account? I can't find these if there are.
I would much appreciate any help. Thanks in advance!
If you need any more info, please let me know.