Version: 1.0
Author: Naveen Kumar
Use Case: This Azure Function sends Prisma Cloud alerts to a customer's on-premises SIEM/syslog server using a webhook integration.
Function Architecture: Set up the Azure Function in an App Service plan so that it can be integrated with a virtual network.
Prisma Cloud -> Webhook (Azure Function) -> VNet integration -> traffic routed to the on-premises data center syslog server.
Step 1: Create a Function App
- Publish: Code
- Runtime stack: Python
- Version: 3.11
Step 2: Azure Function integration with Azure VNET
Open the Function App's Networking settings:
Under Outbound traffic configuration, click Virtual network integration.
Click Add virtual network integration.
Select the VNet and subnet, then click Connect. [This integration is used to route traffic from the Azure Function to the SIEM/syslog server.]
You might need to update the route table to route this traffic, depending on your environment.
Step 3: Deploy Azure Function
Open the Azure Function and click Create.
Select HTTP Trigger and click Create.
Open the function by clicking the function name "http_trigger".
Click Code + Test.
Replace the default code with the Azure Function code and click Save.
IMP: SYSLOG_HOST is your syslog server IP address.
IMP: SYSLOG_PORT is your syslog server port number.
Update these variables with your syslog server IP address and port number.
Click Get function URL and copy the function URL. This function URL is the Prisma Cloud webhook address.
Follow the Prisma Cloud documentation to configure the webhook integration in the Prisma Cloud console.
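The steps above refer to the function code without reproducing it. The following is an added example, not the author's code, of an HTTP-trigger forwarder of the kind described. It assumes the Python v2 programming model, UDP transport, RFC 5424 framing, and a webhook body that is a JSON object or array; the host name, app name and 192.0.2.10 address are placeholders.

```python
import json
import os
import socket
from datetime import datetime, timezone

try:
    import azure.functions as func  # present in the Function App runtime
except ImportError:                 # lets the forwarding logic run outside Azure
    func = None

# Assumption: values are read from Function App application settings. The page
# only says to set SYSLOG_HOST and SYSLOG_PORT to your server's IP and port.
SYSLOG_HOST = os.environ.get("SYSLOG_HOST", "192.0.2.10")  # placeholder IP
SYSLOG_PORT = int(os.environ.get("SYSLOG_PORT", "514"))
PRI = 16 * 8 + 6  # facility local0, severity informational (assumed choice)

def to_syslog(alert, now=None):
    """Render one alert as a single-line RFC 5424 message."""
    ts = (now or datetime.now(timezone.utc)).isoformat(timespec="seconds")
    # json.dumps escapes CR/LF, so alert text cannot inject extra log lines.
    msg = json.dumps(alert, separators=(",", ":"), sort_keys=True)
    return f"<{PRI}>1 {ts} prisma-webhook prismacloud - - - {msg}"

def send_udp(line):
    """Send one message; traffic leaves through the VNet integration."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(line.encode("utf-8"), (SYSLOG_HOST, SYSLOG_PORT))

def forward_alerts(body, send=send_udp):
    """Parse the webhook body, forward each alert, return how many were sent."""
    data = json.loads(body)  # raises ValueError on non-JSON input
    alerts = data if isinstance(data, list) else [data]
    for alert in alerts:
        send(to_syslog(alert))
    return len(alerts)

if func is not None:
    # FUNCTION auth level: the copied function URL carries a key; treat it as a secret.
    app = func.FunctionApp(http_auth_level=func.AuthLevel.FUNCTION)

    @app.route(route="http_trigger", methods=["POST"])
    def http_trigger(req: func.HttpRequest) -> func.HttpResponse:
        try:
            count = forward_alerts(req.get_body())
        except ValueError:
            return func.HttpResponse("body must be JSON", status_code=400)
        return func.HttpResponse(f"forwarded {count} alert(s)", status_code=200)
```

If your syslog server expects TCP or a different message format, only `send_udp` and `to_syslog` need to change.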











