Azure Discovery

This topic describes how to set up the Azure configuration for installing Privacera Discovery.

Prerequisites

Ensure the following prerequisites are met:

Azure Storage Account

  • Create an Azure storage account. For more information, refer to Microsoft's documentation Create a storage account.
  • Create a private-access container. For more information, refer to Microsoft's documentation Create a container.
  • Get the access key. For more information, refer to Microsoft's documentation View account access keys.

Azure Cosmos DB Account

  • Create an Azure Cosmos DB account. For more information, refer to Microsoft's documentation Cosmos DB.
  • Get the URI from the Overview section.
  • Get the Primary Key from the Settings > Keys section.
  • Set the consistency to Strong in the Settings > Default Consistency section.

For Terraform

  • Assign permissions to create Azure resources using a managed identity. For more information, refer to create Azure resources.

CLI Configuration

  1. SSH to the instance where Privacera is installed.

  2. Configure your environment.

    • Configure Discovery for a Kubernetes environment. You need to set the Kubernetes cluster name. For more information, see Discovery (Kubernetes Mode).

    • For a Docker environment, you can skip this step.

  3. Run the following commands.

    cd ~/privacera/privacera-manager  
    cp config/sample-vars/vars.kafka.yml config/custom-vars
    vi config/custom-vars/vars.kafka.yml
    
  4. Run the following commands.

    cd ~/privacera/privacera-manager  
    cp config/sample-vars/vars.discovery.azure.yml config/custom-vars
    vi config/custom-vars/vars.discovery.azure.yml
    
  5. Edit the following properties. For property details and description, refer to the Configuration Properties below.

    DISCOVERY_FS_PREFIX: "<PLEASE_CHANGE>"
    DISCOVERY_AZURE_STORAGE_ACCOUNT_NAME: "<PLEASE_CHANGE>"
    DISCOVERY_COSMOSDB_URL: "<PLEASE_CHANGE>"
    DISCOVERY_COSMOSDB_KEY: "<PLEASE_CHANGE>"
    DISCOVERY_AZURE_STORAGE_ACCOUNT_KEY: "<PLEASE_CHANGE>"
    CREATE_AZURE_RESOURCES: "false"
    DISCOVERY_AZURE_RESOURCE_GROUP: "<PLEASE_CHANGE>"
    DISCOVERY_AZURE_COSMOS_DB_ACCOUNT: "<PLEASE_CHANGE>"
    DISCOVERY_AZURE_LOCATION: "<PLEASE_CHANGE>"
    
  6. (Optional) If you want to customize Discovery configuration further, you can add custom Discovery properties. For more information, refer to Discovery Custom Properties.

    For example, by default, the username and password for the Discovery service are padmin/padmin. These defaults are publicly documented, so anyone who can reach the service can try them. To change them, refer to Add Custom Properties.

  7. To configure real-time scan for audits, refer to Pkafka.

  8. Run the following commands.

    cd ~/privacera/privacera-manager  
    ./privacera-manager.sh update
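
A pre-flight check for the file edited in steps 4 and 5, to run before the update in step 8 (an added example, not part of Privacera's documentation or tooling): it reports storage and Cosmos DB keys that are missing, still set to `<PLEASE_CHANGE>`, or left with an unterminated quote, and whether the file, which holds the Cosmos DB primary key and the storage account access key in clear text, is accessible to group or others. The function names and the constructed sample file are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not Privacera code. Function names are hypothetical.
# Keys from step 5 checked here (storage account and Cosmos DB settings).
REQUIRED_KEYS="DISCOVERY_FS_PREFIX DISCOVERY_AZURE_STORAGE_ACCOUNT_NAME
DISCOVERY_COSMOSDB_URL DISCOVERY_COSMOSDB_KEY DISCOVERY_AZURE_STORAGE_ACCOUNT_KEY"

# Print one finding per line; return non-zero if there is any finding.
check_discovery_vars() {
  local file findings key line value quotes
  file=$1; findings=0
  for key in $REQUIRED_KEYS; do
    line=$(grep -E "^[[:space:]]*${key}:" "$file" | tail -n 1)
    if [ -z "$line" ]; then
      echo "MISSING $key"; findings=$((findings + 1)); continue
    fi
    value=${line#*:}
    case $value in
      *PLEASE_CHANGE*) echo "PLACEHOLDER $key"; findings=$((findings + 1)) ;;
    esac
    # An odd number of double quotes means an unterminated YAML string
    quotes=$(printf '%s' "$value" | tr -cd '"' | wc -c)
    if [ $((quotes % 2)) -ne 0 ]; then
      echo "UNBALANCED_QUOTES $key"; findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
}

# Succeed only if group and others have no access: the file holds the
# Cosmos DB primary key and the storage account access key in clear text.
is_owner_only() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Write a constructed sample (values invented for this example) to $1
write_sample_vars() {
  cat > "$1" <<'EOF'
DISCOVERY_FS_PREFIX: "container1"
DISCOVERY_AZURE_STORAGE_ACCOUNT_NAME: azurestorage"
DISCOVERY_COSMOSDB_URL: "https://url1.documents.azure.com:443/"
DISCOVERY_COSMOSDB_KEY: "<PLEASE_CHANGE>"
EOF
}

# Usage: bash check_vars.sh config/custom-vars/vars.discovery.azure.yml
if [ "$#" -eq 1 ]; then
  check_discovery_vars "$1"
  is_owner_only "$1" || echo "PERMISSIONS: run chmod 600 $1"
fi
```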
    

Configuration Properties

| Property | Description | Example |
|---|---|---|
| DISCOVERY_ENABLE | In the **Basic** tab, enable/disable Privacera Discovery. | |
| DISCOVERY_REALTIME_ENABLE | In the **Basic** tab, enable/disable real-time scan in Privacera Discovery.<br>For real-time scan to work, ensure the following:<br>• If you want to scan the default ADLS app registered by the system at the time of installation, keep its app properties unchanged in Privacera Portal.<br>• If you want to scan a user-registered app, the app properties in Privacera Portal and its corresponding discovery.yml should be the same.<br>• Only one app can be scanned at a time. | |
| DISCOVERY_FS_PREFIX | Enter the container name. Get it from the Prerequisites section. | container1 |
| DISCOVERY_AZURE_STORAGE_ACCOUNT_NAME | Enter the name of the Azure Storage account. Get it from the Prerequisites section. | azurestorage |
| DISCOVERY_COSMOSDB_URL<br>DISCOVERY_COSMOSDB_KEY | Enter the Cosmos DB URL and Primary Key. Get them from the Prerequisites section. | DISCOVERY_COSMOSDB_URL: "https://url1.documents.azure.com:443/"<br>DISCOVERY_COSMOSDB_KEY: "xavosdocof" |
| DISCOVERY_AZURE_STORAGE_ACCOUNT_KEY | Enter the Access Key of the storage account. Get it from the Prerequisites section. | GMi0xftgifp== |
| [Properties of Topic and Table names](../pm-ig/customize_topic_and_tables_names.md) | Topic and Table names are assigned by default in Privacera Discovery. To customize any topic or table name, refer to the link. | |
| PKAFKA_EVENT_HUB | In the **Advanced > Pkafka Configuration** section, enter the Event Hub name. Get it from the Prerequisites section. | eventhub1 |
| PKAFKA_EVENT_HUB_NAMESPACE | In the **Advanced > Pkafka Configuration** section, enter the name of the Event Hub namespace. Get it from the Prerequisites section. | eventhubnamespace1 |
| PKAFKA_EVENT_HUB_CONSUMER_GROUP | In the **Advanced > Pkafka Configuration** section, enter the name of the Consumer Group. Get it from the Prerequisites section. | congroup1 |
| PKAFKA_EVENT_HUB_CONNECTION_STRING | In the **Advanced > Pkafka Configuration** section, enter the connection string. Get it from the Prerequisites section. | Endpoint=sb://eventhub1.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=sAmPLEP/8PytEsT= |
| CREATE_AZURE_RESOURCES | For Terraform usage, set the value to true. The default value is false. | true |
| DISCOVERY_AZURE_RESOURCE_GROUP | Get the value from the Prerequisites section. | resource1 |
| DISCOVERY_AZURE_COSMOS_DB_ACCOUNT | Get the value from the Prerequisites section. | database1 |