
Azure external account not generating any real-time alerts

Problem

Azure external account is not generating real-time alerts.

Symptoms

The Azure external account has real-time alerting configured, but changes in the Azure environment do not show up in ESP within 10 minutes.

Cause

Azure real-time alerting is not properly configured.

Resolution 

For the latest troubleshooting instructions, see: http://docs.evident.io/#azure-troubleshooting

Please follow these troubleshooting steps if you suspect that alerts are not properly generated in your Azure external account.

First, let’s make sure your Azure Function works correctly and sends events to the Evident Security Platform.

  1. Generate an event: navigate to an NSG (Network Security Group) rule, toggle Allow/Deny for an inbound rule, and click Save.

  2. Navigate to the Azure Function you created and click Monitor.

  3. Wait 5-10 minutes for Azure to log the event and export it to the Function App for processing.

  4. Click Refresh.

What do you see in Azure Function logs?

Log Entry: No log entries

Resolution: This indicates that the events are not properly forwarded to the Function App. Review the documentation and make sure all steps were performed. Make sure Activity log export is set up for the correct Storage Account, and that the Azure Function app uses the correct Connection URL to this Storage Account.

Log Entry: Successful log entry like the example below:

“EvidentEspTrigger called.
Sending to url: https://azure-logs.evident.io/group_messages/123?token=xyz123 for subscription: <YourSubscriptionID>
Successfully posted the message
response:  {"statusCode":200,…”

Resolution: This means that events are being sent to ESP. If you do not see them in reports, please contact support@evident.io.

Log Entry: Log entry indicates a connection error to Evident with statusCode:422:

“EvidentEspTrigger called.
Sending to url: https://azure-logs.evident.io/group_messages/123?token=xyz123 for subscription: <YourSubscriptionID>
Successfully posted the message
response:  {"statusCode":422,…”

Resolution: Check the URL in the response and in the Function code. Update the URL if needed and restart the Function; this should fix the problem.

Log Entry: An error like:

Exception while executing function: Functions.BlobTriggerQA442JS1 ---> System.InvalidOperationException : Exception binding parameter 'myBlob' ---> Microsoft.WindowsAzure.Storage.StorageException : The remote server returned an error: (404) Not Found. ---> System.Net.WebException : The remote server returned an error: (404) Not Found

Resolution: This may happen when restarting the Azure Function; the error should be auto-corrected in a few minutes. If it persists, please contact support@evident.io.

Log Entry: Other errors in the logs

Resolution: Please report this occurrence to support@evident.io.

Note: when contacting support@evident.io please provide:

  • External Account Name

  • Function App events with log output
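
The log cases above can also be checked with a script before a support request is sent. The following is an added example, not Evident's code: it assumes the log text has the shape of the excerpts in this article, the names diagnose and redact are hypothetical, and masking the token value in the URL is an added precaution rather than a step from the Evident documentation.

```python
import re

# Resolutions condensed from the Log Entry / Resolution table in this article.
RESOLUTIONS = {
    "no_entries": "Events are not reaching the Function App: check the Activity "
                  "log export and the Storage Account connection.",
    "ok": "Events are being sent to ESP; contact support if reports stay empty.",
    "bad_url": "statusCode 422: compare the URL in the log with the URL in the "
               "Function code, update it if needed, restart the Function.",
    "blob_404": "Blob binding 404: can follow a Function restart and should "
                "clear in a few minutes; contact support if it persists.",
    "other": "Unrecognized entry: report it to support with the log output.",
}
STATUS_RE = re.compile(r'"statusCode"\s*:\s*(\d{3})')
TOKEN_RE = re.compile(r'([?&]token=)[^&\s"]+')

# Constructed sample, modelled on the 422 excerpt in this article.
SAMPLE_422 = (
    "EvidentEspTrigger called.\n"
    "Sending to url: https://azure-logs.evident.io/group_messages/123"
    "?token=xyz123 for subscription: <YourSubscriptionID>\n"
    "Successfully posted the message\n"
    'response:  {"statusCode":422,'
)


def redact(log_text):
    """Mask the token query value (added precaution, not an Evident step)."""
    return TOKEN_RE.sub(r"\1<redacted>", log_text)


def diagnose(log_text):
    """Map one invocation's log text to a (case, resolution) pair."""
    if not log_text.strip():
        case = "no_entries"
    elif "StorageException" in log_text and "(404) Not Found" in log_text:
        case = "blob_404"
    else:
        # "Successfully posted the message" appears for 200 and 422 alike,
        # so only the statusCode in the response line decides the case.
        match = STATUS_RE.search(log_text)
        status = int(match.group(1)) if match else None
        case = {200: "ok", 422: "bad_url"}.get(status, "other")
    return case, RESOLUTIONS[case]


if __name__ == "__main__":
    case, advice = diagnose(SAMPLE_422)
    print(case, "-", advice)
    print(redact(SAMPLE_422))
```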