.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Issue
Microsoft AzureNSG event source configuration configured using Microsoft Azure NSG & NetWitness Integration.But the test connection fails with the below error in UI.
failed to connect to device/service: This request is not authorized to perform this operation. ErrorCode: AuthorizationFailure
<?xml version="1.0" encoding="utf-8"?><Error><Code> AuthorizationFailure</Code><Message>This request is not authorized to perform this operation.
RequestId:f6853f8c-f45e-0009-45cc-e5670c000000
Time:2021-11-30T09:30:32.3285803Z</Message></Error>
<?xml version="1.0" encoding="utf-8"?><Error><Code> AuthorizationFailure</Code><Message>This request is not authorized to perform this operation.
RequestId:f6853f8c-f45e-0009-45cc-e5670c000000
Time:2021-11-30T09:30:32.3285803Z</Message></Error>
Cause
This issue is due to Azure storage account access being restricted to the Selected Networks option.Resolution
Please work with the Azure team to allow All networks to access storage account using the below settings.
If Selected Networks to be chosen, then the Netwitness Log collector is running on Azure and is in the same subnet then it may work. But, If it is on-prem then the collector ip which is an internal ip, then the ip that is seen by azure would be the ip of the gateway for selected networks. The customer network team will be able to give the details to choose selected networks.
Product Details
RSA Product Set: RSA NetWitness Logs & NetworkRSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.5.1.0
Platform: CentOS
O/S Version: 7
Summary
This document outlines the procedure to collect logs from Microsoft AzureNSG event source.
Approval Reviewer Queue
RSA NetWitness Suite Approval Queue