Setting up your Azure Data Explorer cluster in the Azure Portal - KC7-Foundation/kc7 GitHub Wiki

Create an Azure Data Explorer Cluster

  1. Sign up for an Azure account at portal.azure.com/

  2. In the Azure portal menu, go to Azure Data Explorer cluster

  3. Create a new Azure Data Explorer cluster

  4. Add a database to your cluster. Name it "SecurityLogs"

Register an Azure Application and give it permissions to your cluster

  1. Look for app registrations in the resource menu

  2. Register an application and give it a name. I named mine "kc7app", but you can name it anything (I would recommend giving it a meaningful name).

  3. Give your registered app API permissions to your ADX cluster: API Permissions > Add a permission > Azure Data Explorer

  4. On the next screen, add a user_impersonation permission

  5. Generate a client secret for your application (NOTE: The app secret can only be viewed right after you create it, so be sure to copy it (the value) down somewhere. You will need this later).

  6. You will find your app client ID in the overview section of your registered app.

  7. Go back to your ADX cluster and add your registered application as a Service admin

Azure Data Explorer > Your ADX cluster > Permissions > Add database admin > Select your registered app name

Gather your environment variables

Next, fill in the required variables in config.py:

################################
# AZURE ENVIRONMENT VARIABLES
# FOLLOW THE README TO REPLACE THESE VALUES
################################

AAD_TENANT_ID = "{YOUR TENANT ID}" #https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant
KUSTO_URI = "https://{clustername}.eastus.kusto.windows.net"
KUSTO_INGEST_URI = "https://ingest-{clustername}.eastus.kusto.windows.net"
DATABASE = "SecurityLogs"

# Register an azure application and generate secrets
# give the app permission to edit your azure data explorer cluster
# App secret can only be seen right after creation
CLIENT_ID = "{YOUR REGISTERED APP CLIENT ID}"
CLIENT_SECRET = "{YOUR REGISTERED APP CLIENT SECRET}"

You will find your Kusto URL variables in the overview section of your ADX cluster.
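Before running anything against the cluster, the filled-in values can be sanity-checked. The script below is an added example, not part of the kc7 project: check_config and the FILLED sample values are hypothetical, and the secret check is a heuristic based on the portal showing a GUID-shaped Secret ID next to the secret Value.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
REQUIRED = ("AAD_TENANT_ID", "KUSTO_URI", "KUSTO_INGEST_URI",
            "DATABASE", "CLIENT_ID", "CLIENT_SECRET")

# Constructed sample values; none of these identify a real tenant, app or cluster.
FILLED = {
    "AAD_TENANT_ID": "11111111-2222-3333-4444-555555555555",
    "KUSTO_URI": "https://democluster.eastus.kusto.windows.net",
    "KUSTO_INGEST_URI": "https://ingest-democluster.eastus.kusto.windows.net",
    "DATABASE": "SecurityLogs",
    "CLIENT_ID": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "CLIENT_SECRET": "constructed-secret-value",
}


def check_config(cfg):
    """Return a list of problems found in a dict of config.py values."""
    problems = {}
    for name in REQUIRED:
        value = cfg.get(name, "")
        if not value or "{" in value or "}" in value:
            problems[name] = "missing or still the template placeholder"
    # The tenant ID and the application (client) ID are both GUIDs.
    for name in ("AAD_TENANT_ID", "CLIENT_ID"):
        if name not in problems and not GUID.fullmatch(cfg[name]):
            problems[name] = "not a GUID"
    # Heuristic: a GUID-shaped secret is usually the Secret ID column, not the Value.
    if "CLIENT_SECRET" not in problems and GUID.fullmatch(cfg["CLIENT_SECRET"]):
        problems["CLIENT_SECRET"] = "looks like the Secret ID, not the secret Value"
    query = urlparse(cfg.get("KUSTO_URI", ""))
    ingest = urlparse(cfg.get("KUSTO_INGEST_URI", ""))
    for name, url in (("KUSTO_URI", query), ("KUSTO_INGEST_URI", ingest)):
        if name not in problems and url.scheme != "https":
            problems[name] = "must be an https:// URL"
    # The ingest endpoint is the query host with "ingest-" in front of it.
    if ("KUSTO_INGEST_URI" not in problems
            and ingest.hostname != f"ingest-{query.hostname}"):
        problems["KUSTO_INGEST_URI"] = "host is not 'ingest-' + the KUSTO_URI host"
    return [f"{name}: {why}" for name, why in problems.items()]


if __name__ == "__main__":
    for line in check_config(FILLED) or ["config looks complete"]:
        print(line)
```

To check a real file, build the dict from the module, for example with `vars(config)` after `import config`.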