Connect the Packet Capture Module to an Azure Blob Storage Profile
Before you can use the Packet Capture Module (PCM) to execute harvests, you must set up a storage account with write permissions. A harvest is the process of retrieving PCAP files from Packet Capture Module devices and transferring them to a customer-provided repository for analysis.
This topic describes how to set up a storage account in Microsoft Azure with a simple Shared Access Signature (SAS) token so that it can be used as the target of a packet harvest.
A SAS token is a secure way to grant limited access to Azure storage resources without sharing your storage account keys. A SAS token contains permissions and an expiration time that control what operations can be performed and for how long.
Generate a simple SAS token
A simple SAS token is generated directly on a storage account's container with the required permissions and expiration. This is the simpler method to set up but requires the customer to generate and provide the SAS token.
Generate a write-only SAS URL
To generate a write-only SAS URL, the customer must have a storage account and container already created in their Azure subscription. Follow these steps to generate the SAS URL:
- In Microsoft Azure, select the storage account.
- In the Security + networking blade, select Networking.
- Under the Public Access tab, click the Manage button and enable Public network access.
- In the Data storage blade, select Containers. Then, click the container that you want to use for packet harvesting.
- After opening the container, select Shared access tokens from the Settings blade.
- From the Permissions dropdown menu, select Add, Create, and Write.
- Select an expiration date for the SAS token.
- Click Generate SAS token and URL.
You have now generated a Blob SAS token and a Blob SAS URL that provides write-only access to the container. Copy the Blob SAS URL and provide it when configuring the Azure Blob Storage Profile.
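Before the Blob SAS URL is pasted into the storage profile, its query string can be checked against what the steps above select (Add, Create, and Write only, with an expiration). The following is an added example, not part of the product documentation; the sample URLs, the account and container names, and the 90-day lifetime limit are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

REQUIRED = set("acw")              # sp letters for Add, Create, Write
MAX_LIFETIME = timedelta(days=90)  # assumed local policy, not from the page

# Constructed sample URLs: account, container and signature are placeholders.
GOOD = ("https://examplepcap.blob.core.windows.net/harvests?sp=acw"
        "&se=2025-01-31T00:00:00Z&spr=https&sv=2022-11-02&sr=c&sig=PLACEHOLDER")
BROAD = GOOD.replace("sp=acw", "sp=racwdl")  # also grants read, delete, list


def check_sas_url(url, now=None, max_lifetime=MAX_LIFETIME):
    """Return a list of findings; an empty list means the URL looks write-only."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if parts.scheme != "https" or q.get("spr") != "https":
        findings.append("spr is not 'https': token is not limited to HTTPS")
    if q.get("sr") != "c":
        findings.append("sr is not 'c': token is not scoped to a container")
    perms = set(q.get("sp", ""))
    if perms - REQUIRED:
        findings.append("extra permissions: " + "".join(sorted(perms - REQUIRED)))
    if REQUIRED - perms:
        findings.append("missing permissions: " + "".join(sorted(REQUIRED - perms)))
    try:
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:          # date-only expiry: treat as UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
    except (KeyError, ValueError):
        findings.append("se (expiry) missing or unparseable")
    else:
        if expiry <= now:
            findings.append("token already expired")
        elif expiry - now > max_lifetime:
            findings.append("expiry exceeds allowed lifetime")
    if "sig" not in q:
        findings.append("no sig parameter: not a complete SAS URL")
    return findings


if __name__ == "__main__":
    when = datetime(2025, 1, 10, tzinfo=timezone.utc)  # fixed clock for the samples
    for name, url in (("GOOD", GOOD), ("BROAD", BROAD)):
        print(name, check_sas_url(url, now=when) or "ok")
```

The check reads only the token's unsigned parameters; it cannot confirm that the signature is valid or that the container exists.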
Adding a Storage Account Resource ID
You can provide the storage account resource ID to generate a link to the storage account and container. After a harvest creates a pcap file, locate the file in the container to download it.
This resource ID is found under Settings > Endpoints of a storage account. Copy the resource ID. It should look similar to this example:
/subscriptions/f4db119a-3a8b-4056-ba54-638be897fb23/resourceGroups/rg-test-pcap-upload-riverbed/providers/Microsoft.Storage/storageAccounts/testpcapuploadriverbed
The resource ID is used to generate a URL that points to the container in which the system stores harvested pcap files. When users click the link, they are prompted to authenticate in Azure.
Creating a Storage Profile for Azure Container Storage
- Navigate to the PCM Page:
  - Click the Launchpad button ⁝⁝⁝.
  - Click Network Observability > Packet Capture.
- Click the hamburger icon and select Packet Capture Configuration in the side bar.
- Click the Storage Profile tab.
- Click Create Storage Profile.
- Select Azure Blob Storage from the storage type dropdown.
- Enter the following information using what you obtained in the steps above:
  - Azure URL.
  - Azure Resource ID.
- Click Save. Your Packet Capture Module Azure Blob storage profile is now set up.