Commit ce2a9a8

removed extra file
1 parent 383b024 commit ce2a9a8

2 files changed

+18
-39
lines changed

articles/sentinel/media/summary-rules/diagram-copy.mmd

Lines changed: 0 additions & 24 deletions
This file was deleted.
Lines changed: 18 additions & 15 deletions
@@ -1,26 +1,29 @@
1-
diagram.mmd
2-
3-
41
---
52
config:
63
look: neo
74
theme: default
5+
sequence:
6+
actorFontSize: 22
7+
messageFontSize: 20
8+
noteFontSize: 20
89
---
910
sequenceDiagram
1011
actor User as User
11-
participant Azure AD as Azure AD
12+
participant Entra ID as Entra ID
1213
participant Azure Monitor as Azure Monitor
1314
participant Log Analytics Workspace as Log Analytics Workspace
1415
participant VM as VM
15-
participant P1 as New Participant
16-
User ->> Azure AD: 1. Register Microsoft Entra application
17-
Azure AD ->> User: Provide Application ID and secret
18-
User ->> Azure AD: 2. Assign the Monitoring Metrics Publisher role to the application
19-
User ->> Azure Monitor: 3. Create Data Collection Endpoint (DCE)
20-
Azure Monitor ->> User: Provide DCE URI
21-
User ->> Azure Monitor: 4. Create Data Collection Rule (DCR)
22-
Azure Monitor ->> User: Provide DCR Immutable ID
23-
User ->> Log Analytics Workspace: 5. Create custom table
24-
User ->> VM: 6. Run LogGenerator.ps1 script
16+
User ->> Entra ID: 1. Register Microsoft Entra application
17+
Entra ID ->> User: Provide Application ID and secret
18+
User ->> Azure Monitor: 2. Create DCE, DCR, and custom Auxiliary table using ARM template
19+
Azure Monitor ->> User: Provide DCE URI and DCR Immutable ID
20+
User ->> Azure Monitor: 3. Grant your application permission to send data to the DCE
21+
User ->> VM: 4. Update Logstash configuration file
2522
VM ->> Azure Monitor: Send data to DCE
26-
Azure Monitor ->> Log Analytics Workspace: Ingest data into custom table
23+
Azure Monitor ->> Log Analytics Workspace: Ingest raw data into CommonSecurityLog_CL table
24+
User ->> Log Analytics Workspace: 5. Query Auxiliary table to verify data ingestion
25+
User ->> Azure Monitor: 6. Create summary rule
26+
VM ->> Azure Monitor: Send data to DCE
27+
Azure Monitor ->> Log Analytics Workspace: Ingest raw data into CommonSecurityLog_CL table
28+
Azure Monitor ->> Log Analytics Workspace: Ingest aggregated data into custom Analytics table
29+
User ->> Log Analytics Workspace: 7. Query Analytics table to view aggregated data
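
Review bot: New line 20 (`3. Grant your application permission to send data to the DCE`) drops the role name that old line 18 carried (`Assign the Monitoring Metrics Publisher role to the application`), so the diagram no longer tells the reader which permission to grant; suggest naming the role in the message so the least-privilege assignment stays explicit. Separately, new lines 26-27 repeat new lines 22-23 verbatim (`Send data to DCE`, `Ingest raw data into CommonSecurityLog_CL table`); if the repeat is meant to show ingestion continuing after the summary rule is created in step 6, a `Note over` or a `loop` block would make that intent visible, otherwise the duplicate pair should go. Steps 2 and 5 also call the destination the "Auxiliary table" while lines 23 and 27 call it `CommonSecurityLog_CL`; using one name throughout would avoid implying two different tables.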
