Enable Pkafka for real-time audits in Discovery on Privacera Platform

This topic shows you how to enable Pkafka for real-time audits in Privacera Discovery.

Prerequisites
  • Create an Event Hub namespace with a region similar to the region of a Storage Account you want to monitor. For more information, refer to Microsoft's documentation: Create an Event Hubs namespace

  • Create an Event Hub in the Event Hub namespace. For more information, refer to Microsoft's documentation: Create an event hub

  • Create a consumer group in the Event Hub by going to Azure Portal > Event Hubs namespace > Event Hub > Consumer Groups > +Consumer Group. The Consumer Groups tab will be under Entities of the Event Hub page.

  • Get the connection string of the Event Hub namespace. For more information, refer to Microsoft's documentation: Get connection string for a namespace

  • Create an Event Subscription for the Event Hub namespace with the Event Type as Blob Created and Blob Deleted. For more information, refer to Microsoft's documentation: Integration with Event Grid

    Note

    When you create an event grid subscription, clear the checkbox Enable subject filtering.

Procedure

To enable Pkafka, follow these steps:

  1. SSH to the instance where Privacera is installed.

  2. Run the following commands.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.pkafka.azure.yml config/custom-vars/
    vi config/custom-vars/vars.pkafka.azure.yml

  3. Edit the following properties. For property details, see Pkafka configuration properties.

    PKAFKA_EVENT_HUB: "<PLEASE_CHANGE>"
    PKAFKA_EVENT_HUB_NAMESPACE: "<PLEASE_CHANGE>"
    PKAFKA_EVENT_HUB_CONSUMER_GROUP: "<PLEASE_CHANGE>"
    PKAFKA_EVENT_HUB_CONNECTION_STRING: "<PLEASE_CHANGE>"
    DISCOVERY_REALTIME_ENABLE: "true"

  4. Run the following commands.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
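
An added pre-flight check to run on the edited file before the update in step 4 (example code, not part of Privacera Manager; the function names and finding labels are made up for this example). It flags leftover <PLEASE_CHANGE> placeholders, a connection string missing one of its three parts, use of RootManageSharedAccessKey (the built-in policy that carries Manage, Send and Listen rights on the whole namespace), and a file mode that lets group or others read the key.

```shell
#!/bin/sh
# Added example (not Privacera code): pre-flight check for vars.pkafka.azure.yml.

# Print the value of a top-level `KEY: "value"` line with quotes stripped.
yaml_value() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
    tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Print one finding per line; return 0 only when nothing needs attention.
check_pkafka_vars() {
  file=$1
  out=""
  add() { out="${out}$1
"; }

  for key in PKAFKA_EVENT_HUB PKAFKA_EVENT_HUB_NAMESPACE \
      PKAFKA_EVENT_HUB_CONSUMER_GROUP PKAFKA_EVENT_HUB_CONNECTION_STRING; do
    case $(yaml_value "$file" "$key") in
      "" | *PLEASE_CHANGE*) add "UNSET $key" ;;
    esac
  done

  conn=$(yaml_value "$file" PKAFKA_EVENT_HUB_CONNECTION_STRING)
  case $conn in
    "" | *PLEASE_CHANGE*) ;;  # already reported as UNSET above
    *)
      for part in Endpoint=sb:// SharedAccessKeyName= SharedAccessKey=; do
        case ";$conn" in
          *";$part"?*) ;;
          *) add "MALFORMED connection string lacks $part" ;;
        esac
      done
      # This built-in policy has Manage, Send and Listen on the whole namespace.
      case $conn in
        *SharedAccessKeyName=RootManageSharedAccessKey*)
          add "BROAD_KEY RootManageSharedAccessKey in use" ;;
      esac ;;
  esac

  [ "$(yaml_value "$file" DISCOVERY_REALTIME_ENABLE)" = "true" ] ||
    add "DISABLED DISCOVERY_REALTIME_ENABLE is not \"true\""

  # The file holds a shared access key: flag group- or world-readable modes.
  [ -z "$(find "$file" \( -perm -040 -o -perm -004 \))" ] ||
    add "PERMS $file is readable by group or others"

  printf '%s' "$out"
  [ -z "$out" ]
}
```

Call it as check_pkafka_vars config/custom-vars/vars.pkafka.azure.yml. This page does not say which access rights Pkafka needs, so treat BROAD_KEY as a prompt to review the policy rather than as a failure.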

Pkafka configuration properties

PKAFKA_EVENT_HUB

  Description: Enter the Event Hub name. Get it from the Prerequisites section above.

  Example: eventhub1

PKAFKA_EVENT_HUB_NAMESPACE

  Description: Enter the name of the Event Hub namespace. Get it from the Prerequisites section above.

  Example: eventhubnamespace1

PKAFKA_EVENT_HUB_CONSUMER_GROUP

  Description: Enter the name of the Consumer Group. Get it from the Prerequisites section above.

  Example: congroup1

PKAFKA_EVENT_HUB_CONNECTION_STRING

  Description: Enter the connection string. Get it from the Prerequisites section above.

  Example: Endpoint=sb://eventhub1.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=sAmPLEP/8PytEsT=

DISCOVERY_REALTIME_ENABLE

  Description: Add this property to enable or disable real-time scan. By default, it is set to false.

    Note

    This is a custom property and has to be added separately to the YAML file.

    For real-time scan to work, ensure the following:

      • If you want to scan the default ADLS app registered by the system at the time of installation, keep its app properties unchanged in Privacera Portal.

      • If you want to scan a user-registered app, the app properties in Privacera Portal and its corresponding discovery.yml should be the same.

      • Only one app can be scanned at a time.

  Example: true