Azure Blob integration

This page includes:

• Azure Blob integration
  • About the Azure Blob integration
  • Prerequisites
  • The Azure Blob integration procedure
  • Additional configurations
  • Flow chart diagram

Note: Before implementing this channel integration, contact your Customer Success Manager for Perception Point X‑Ray to make sure that this functionality is included in your current Perception Point X‑Ray license.

About the Azure Blob integration

Perception Point can be integrated with various products. This page explains what configurations are required to integrate Perception Point with Azure Blob - to enhance your Azure Blob security. Perception Point’s Azure Blob Threat Detection [ABTD] monitors your Azure Blob Storage account containers for malicious file uploads. This page describes what must be performed by Perception Point Support and what must be performed by you, the customer, to perform the integration.

When Perception Point is integrated with Azure Blob, Perception Point scans every file that is uploaded to a specified container in Azure Blob. Scan details are included in the Scans page in Perception Point X‑Ray.

Azure Blob Threat Detection [ABTD] runs as an Azure Function in your account, utilizing an Azure Blob storage trigger for Azure Functions. This trigger polls a specified container every few seconds, to detect file upload events. Every time a file upload event is generated, the function creates a temporary shared access signature (SAS) token for that specific file. The SAS token is then sent to Perception Point, along with the file’s Uniform Resource Identifier (URI). Perception Point then downloads the file and performs the scan. The result of the scan is available in the Scans page in Perception Point.

Quarantine functionality is currently not available for the "Perception Point - Azure Blob" integration.

Prerequisites

In order to perform the required integration with Perception Point X‑Ray, make sure that you have the following prerequisites:

• Python 3 based Azure Function App using App Service Plan (See Function App configuration below)

• Azure Blob Storage account with Blob containers

The Azure Blob integration procedure

The integration procedure below requires basic knowledge of git, and includes a modification of a JSON file.

1. Clone the latest repository [that contains everything that is needed to configure the Function App], or download the latest source code.

2. Download and install Visual Studio Code, and install the Azure Functions extension.

3. Open the cloned repository using Visual Studio Code.

4. Specify the container to be scanned and the optional filters - in function.json

   [Replace the "path" option in line 9 of function.json.]

5. Open the Azure extension in Visual Studio Code (Alt+Shift+A) and log-in.

6. Expand the Function App section under your subscription. Find the Function App in which you want to install the function, and expand the section.

7. Right-click the Application Settings option, and select Add New Setting.

   • PP_ENV: us-east-1 or eu-west-1 - depending on the environment of your organization.

     Note: What is the environment of your organization In Perception Point X‑Ray, go to Account > Preferences. The Environment of your organization will appear under General > Info: US, EU, or AUS.

   • PP_TOKEN: Either:

     • Your API key. For details on how to find your API key, see Profile.

     • An organizational token that you can request from Perception Point Customer Success.

   • AZURE_STORAGE_CONNECTION_STRING: Your Storage Account connection string (See Storage Account connection string below).

8. Right-click your Function App, and select Deploy to Function App.

   After the deployment finishes, the configuration should look like this:

   

   You should now see scan results in the Scans page of Perception Point. For details, see Working with Scans.

Additional configurations

You'll need these configurations when you perform the integration procedure that is described in "The Azure Blob integration procedure".

Function App configuration

Make sure that the Function App uses one of the following Plan type options:

• App service plan

• Functions Premium

You may experience significant delays, or even infinite delays, in event triggers when using the default Serverless option.

Storage Account connection string

The Storage Account connection string can be found under Access Keys in the Storage Account settings page. Click Show keys, and then copy the connection string of one of the available keys.

Flow chart diagram

Hover your cursor over the graphic below to enlarge it

See also: 

• Integrating Channels