Azure Event Sources

Azure event sources allow you to ingest different types of Azure event logs. Currently we support Azure Activity Logs and Entra Logs.

RunReveal offers two ways to ingest these logs into your account.

Webhook

The first option is to use a RunReveal Webhook to forward events from Azure directly to RunReveal. This method sends Azure events to an event hub which triggers an Azure function. This function will then forward the logs to RunReveal using the supplied webhook URL.

The webhook method can deliver events to RunReveal more quickly, with the downside of costing more in your Azure environment.

Blob Storage

The second option is to use Azure Storage to store events as they are generated. When new files are created a notification is generated that is read by RunReveal. Logs are then ingested by reading the storage objects.

The blob storage method has the downside of being slower to ingest logs, but can be significantly cheaper than using the webhook method. It also provides the added benefit of storing logs in your Azure account for archival purposes.