Azure Log Analytics 2.0.0
- Updated on 21 Oct 2022
tags: Python | Sensor | Azure | KQL | Redis
Description
The integration with Microsoft Azure Log Analytics supports CDC users by extracting logs from Azure Log Analytics and surfacing them as observables, so that CDC users can make informed incident-response decisions.
Log Analytics is the primary tool in the Azure portal for editing log queries and interactively analyzing their results. Even if you intend to use a log query elsewhere in Azure Monitor, you will typically write and test it in Log Analytics before copying it to its final location.
Log Analytics uses the Kusto Query Language (KQL) to query the data collected by Azure Monitor Logs and to analyze the results interactively. We use Log Analytics queries to retrieve records that match particular criteria, identify trends, analyze patterns, and gain a variety of insights into our data.
| Property | Value |
|---|---|
| Integration Type | SIEM |
| Information Read | Logs from Log Analytics based on defined criteria. |
| API Supported | API v1 |
| Input | KQL query with predefined criteria. |
| Output | Detailed logs that lead to the creation of observables in the CDC. |
Customer Configuration
No customer configuration
CDC Command Lines
No CDC command lines
Workflows
* **post_query**
Post a given KQL query to Azure Log Analytics.
Rules
No rules
Sensors
* **AlertsSensor**
Sensor to pull alerts from Azure Sentinel.
Poll interval - 30s
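The **post_query** workflow and the **AlertsSensor** above rest on the same mechanics: POST a KQL query to the Log Analytics query API v1, flatten the tabular response into records, and, for the sensor, advance a time watermark so that 30-second polls do not re-emit the same alerts. The Python below is an added illustration and is not the integration's own code. The endpoint path, request body and response layout are those of the public Log Analytics API v1; the `SecurityAlert` columns used, the sample response, and every function name are assumptions constructed for this example, and obtaining the Azure AD bearer token is left out.

```python
"""Added example (not the integration's own code): Log Analytics API v1 query
request, response parsing into observables, and a watermark-based alert poll.
SecurityAlert columns, the sample response and all function names are assumptions."""
import json
from datetime import datetime, timezone
from typing import Any, Callable, Dict, List, Optional, Set

API_BASE = "https://api.loganalytics.io/v1"  # public Log Analytics query API v1


def build_query_request(workspace_id: str, token: str, query: str,
                        timespan: Optional[str] = "PT1H") -> Dict[str, Any]:
    """Request pieces for POST /workspaces/{id}/query. `token` is an Azure AD bearer
    token for scope https://api.loganalytics.io/.default (not obtained here)."""
    body: Dict[str, Any] = {"query": query}
    if timespan:  # ISO 8601 duration; omitted when the query carries its own time filter
        body["timespan"] = timespan
    return {
        "url": f"{API_BASE}/workspaces/{workspace_id}/query",
        "headers": {"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
        "json": body,
    }


def parse_la_datetime(value: str) -> datetime:
    """Log Analytics emits ISO 8601 UTC with up to 7 fractional digits; datetime
    handles 6, so the fraction is truncated before parsing."""
    value = value.rstrip("Z")
    if "." in value:
        head, frac = value.split(".", 1)
        return datetime.strptime(f"{head}.{frac[:6].ljust(6, '0')}",
                                 "%Y-%m-%dT%H:%M:%S.%f").replace(tzinfo=timezone.utc)
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def alerts_query(since: datetime, limit: int = 500) -> str:
    """KQL for one sensor tick: a strict TimeGenerated watermark rather than
    ago(30s), so a slow or skipped tick cannot leave a gap between polls."""
    stamp = since.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    return (
        "SecurityAlert\n"
        f"| where TimeGenerated > datetime({stamp})\n"
        "| project TimeGenerated, SystemAlertId, AlertName, AlertSeverity, Entities\n"
        "| order by TimeGenerated asc\n"
        f"| take {limit}"
    )


def parse_v1_response(payload: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Flatten {"tables": [{"columns": [...], "rows": [...]}]} into dicts keyed by column."""
    records: List[Dict[str, Any]] = []
    for table in payload.get("tables", []):
        names = [col["name"] for col in table["columns"]]
        records.extend(dict(zip(names, row)) for row in table["rows"])
    return records


def to_observables(records: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Shape each SecurityAlert row into an observable; Entities is a JSON string."""
    observables = []
    for rec in records:
        try:
            entities = json.loads(rec.get("Entities") or "[]")
        except json.JSONDecodeError:
            entities = []  # keep the alert even if its entity list is malformed
        observables.append({
            "id": rec["SystemAlertId"],
            "time": parse_la_datetime(rec["TimeGenerated"]),
            "name": rec["AlertName"],
            "severity": rec["AlertSeverity"],
            "entities": entities,
        })
    return observables


def next_watermark(records: List[Dict[str, Any]], current: datetime) -> datetime:
    """Advance to the newest TimeGenerated seen; never move backwards."""
    return max([current] + [parse_la_datetime(r["TimeGenerated"]) for r in records])


def poll_once(send: Callable[[Dict[str, Any]], Dict[str, Any]], workspace_id: str,
              token: str, watermark: datetime, seen_ids: Set[str]):
    """One sensor tick. `send` performs the HTTP POST and returns the JSON body;
    alerts already emitted (by SystemAlertId) are dropped, then the watermark moves."""
    request = build_query_request(workspace_id, token, alerts_query(watermark), timespan=None)
    records = parse_v1_response(send(request))
    fresh = [r for r in records if r["SystemAlertId"] not in seen_ids]
    seen_ids.update(r["SystemAlertId"] for r in fresh)
    return to_observables(fresh), next_watermark(records, watermark)


# Constructed to mirror the v1 response shape; not real workspace data.
SAMPLE_RESPONSE: Dict[str, Any] = {
    "tables": [{
        "name": "PrimaryResult",
        "columns": [
            {"name": "TimeGenerated", "type": "datetime"},
            {"name": "SystemAlertId", "type": "string"},
            {"name": "AlertName", "type": "string"},
            {"name": "AlertSeverity", "type": "string"},
            {"name": "Entities", "type": "string"},
        ],
        "rows": [
            ["2022-10-21T10:15:30.1234567Z", "alert-1", "Suspicious sign-in", "Medium",
             '[{"Type": "ip", "Address": "203.0.113.7"}, {"Type": "account", "Name": "jdoe"}]'],
            ["2022-10-21T10:15:31Z", "alert-2", "Malware detected", "High", "[]"],
        ],
    }]
}
POLL_START = datetime(2022, 10, 21, 10, 15, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    seen: Set[str] = set()
    obs, wm = poll_once(lambda req: SAMPLE_RESPONSE, "ws-id", "token", POLL_START, seen)
    print(len(obs), "new observables; next watermark", wm.isoformat())
    obs, wm = poll_once(lambda req: SAMPLE_RESPONSE, "ws-id", "token", wm, seen)
    print(len(obs), "new observables on the repeated poll")
```

Two caveats a practitioner should keep in mind. First, `timespan` in the request body is intersected with any time filter inside the query, so a poll that carries its own watermark should omit it rather than pass a short duration that could silently clip results. Second, `TimeGenerated` is not monotonic with respect to ingestion: an alert can land in the workspace with a `TimeGenerated` older than a watermark that has already moved past it, so the `SystemAlertId` de-duplication above should be paired with a small lookback (or a watermark on `ingestion_time()`) rather than relied on alone.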
Triggers
No triggers
Known Issues
No known issues