[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis guide explains how to export Azure API Management logs to Google Security Operations using an Azure Storage Account.\u003c/p\u003e\n"],["\u003cp\u003eYou must first configure an Azure Storage Account by creating a new account, specifying its details, and saving its access key and blob service endpoint URL.\u003c/p\u003e\n"],["\u003cp\u003eYou then configure log export for Azure API Management logs by creating a new diagnostic setting, selecting the relevant logs, and archiving them to the previously created storage account.\u003c/p\u003e\n"],["\u003cp\u003eFinally, configure a new feed within Google SecOps by specifying the source type, log type, Azure URI, URI type, deletion options, shared key, asset namespace, and ingestion labels.\u003c/p\u003e\n"]]],[],null,["# Collect Azure API Management logs\n=================================\n\nSupported in: \nGoogle secops [SIEM](/chronicle/docs/secops/google-secops-siem-toc)\n| **Note:** This feature is covered by [Pre-GA Offerings Terms](https://chronicle.security/legal/service-terms/) of the Google Security Operations Service Specific Terms. Pre-GA features might have limited support, and changes to pre-GA features might not be compatible with other pre-GA versions. For more information, see the [Google SecOps Technical Support Service guidelines](https://chronicle.security/legal/technical-support-services-guidelines/) and the [Google SecOps Service Specific Terms](https://chronicle.security/legal/service-terms/).\n\nThis document explains how to export Azure API Management logs to Google Security Operations using an Azure Storage Account.\n\nBefore you begin\n----------------\n\nEnsure you have the following prerequisites:\n\n- Google SecOps instance\n- An active Azure tenant\n- Privileged access to Azure\n\nConfigure Azure Storage Account\n-------------------------------\n\n1. In the Azure console, search for **Storage accounts**.\n2. Click **+ Create**.\n3. Specify values for the following input parameters:\n - **Subscription**: Select the subscription.\n - **Resource Group**: Select the resource group.\n - **Region**: Select the region.\n - **Performance**: Select the performance (Standard recommended).\n - **Redundancy**: Select the redundancy (GRS or LRS recommended).\n - **Storage account name**: Enter a name for the new storage account.\n4. Click **Review + create**.\n5. Review the overview of the account and click **Create**.\n6. From the **Storage Account Overview** page, select the **Access keys** submenu in **Security + networking**.\n7. Click **Show** next to **key1** or **key2**.\n8. Click **Copy to clipboard** to copy the key.\n9. Save the key in a secure location for later use.\n10. From the **Storage Account Overview** page, select the **Endpoints** submenu in **Settings**.\n11. Click **Copy to clipboard** to copy the **Blob service** endpoint URL; for example, `https://\u003cstorageaccountname\u003e.blob.core.windows.net`.\n12. Save the endpoint URL in a secure location for later use.\n\nHow to configure Log Export for Azure API Management Logs\n---------------------------------------------------------\n\n1. Sign in to the **Azure Portal** using your privileged account.\n2. In the Azure portal, find and select the **API Management service** instance.\n3. Select **Monitoring \\\u003e Diagnostic settings**.\n4. Click **+ Add diagnostic setting** .\n - Enter a descriptive name for the diagnostic setting.\n5. Select Logs related to **ApiManagement Gateway**.\n6. Select the **Archive to a storage account** checkbox as the destination.\n - Specify the **Subscription** and **Storage Account**.\n7. Click **Save**.\n\nSet up feeds\n------------\n\nThere are two different entry points to set up feeds in the\nGoogle SecOps platform:\n\n- **SIEM Settings \\\u003e Feeds \\\u003e Add New**\n- **Content Hub \\\u003e Content Packs \\\u003e Get Started**\n\nHow to set up the Azure API Management feed\n-------------------------------------------\n\n1. Click the **Azure Platform** pack.\n2. Locate the **Azure API Management** log type and click **Add new feed**.\n3. Specify values for the following fields:\n\n - **Source Type**: Microsoft Azure Blob Storage V2.\n - **Azure URI** : The blob endpoint URL.\n - `ENDPOINT_URL/BLOB_NAME`\n - Replace the following:\n - `ENDPOINT_URL`: The blob endpoint URL (`https://\u003cstorageaccountname\u003e.blob.core.windows.net`)\n - `BLOB_NAME`: The name of the blob (such as, `insights-logs-\u003clogname\u003e`)\n - **Source deletion options**: Select the deletion option according to your ingestion preferences.\n\n | **Note:** If you select the `Delete transferred files` or `Delete transferred files and empty directories` option, make sure that you granted appropriate permissions to the service account.\n - **Maximum File Age**: Includes files modified in the last number of days. Default is 180 days.\n\n - **Shared key**: The access key to the Azure Blob Storage.\n\n **Advanced options**\n - **Feed Name**: A prepopulated value that identifies the feed.\n - **Asset Namespace** : [Namespace associated with the feed](/chronicle/docs/investigation/asset-namespaces).\n - **Ingestion Labels**: Labels applied to all events from this feed.\n4. Click **Create feed**.\n\n| **Note:** The Content Hub is not available on the SIEM standalone platform. To upgrade, contact your Google SecOps representative.\n\nFor more information about configuring multiple feeds for different log types within this product family, see [Configure feeds by product](/chronicle/docs/ingestion/ingestion-entities/configure-multiple-feeds).\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
