articles/sentinel/connect-azure-activity.md
Lines changed: 11 additions & 16 deletions
@@ -14,37 +14,32 @@ ms.devlang: na
14
14
ms.topic: conceptual
15
15
ms.tgt_pltfrm: na
16
16
ms.workload: na
17
-
ms.date: 09/23/2019
17
+
ms.date: 03/22/2020
18
18
ms.author: yelevin
19
19
20
20
---
21
21
# Connect data from Azure Activity log
22
22
23
-
24
-
25
-
You can stream logs from [Azure Activity log](../azure-monitor/platform/platform-logs-overview.md) into Azure Sentinel with a single click. The Activity log is a subscription log that provides insight into subscription-level events that occurred in Azure. This includes a range of data, from Azure Resource Manager operational data to updates on Service Health events. Using the Activity log, you can determine the ‘what, who, and when’ for any write operation (PUT, POST, DELETE) taken on the resources in your subscription. You can also understand the status of the operation and other relevant properties. The Activity log does not include read (GET) operations or operations for resources that use the Classic/"RDFE" model.
26
-
23
+
You can stream logs from [Azure Activity log](../azure-monitor/platform/platform-logs-overview.md) into Azure Sentinel with a single click. The Activity log is a subscription log that records and displays subscription-level events across Azure, from Azure Resource Manager operational data to updates on Service Health events. Using the Activity log, you can determine the 'what, who, and when' for any write operation (PUT, POST, DELETE) performed on the resources in your subscription. You can also learn the status of the operation and other relevant properties. The Activity log does not include read (GET) operations or operations for resources that use the Classic/"RDFE" model.
27
24
28
25
## Prerequisites
29
26
30
-
- User with Contributor permissions to Log Analytics workspace
31
-
- User with Reader permissions to the Subscription being connected to perform the Read action on /subscriptions/_subscription_being_monitored_/providers/microsoft.insights/eventtypes/management
32
-
33
-
34
-
## Connect to Azure Activity log
27
+
- Your user must have Contributor permissions to the Log Analytics workspace.
28
+
- Your user must have Reader permissions to any subscription whose logs you want to stream into Azure Sentinel.
35
29
36
-
1. In Azure Sentinel, select **Data connectors** and then click the **Azure Activity log** tile.
30
+
## Set up the Azure Activity connector
37
31
38
-
2. In the Azure Activity log pane, select the subscriptions you want to stream into Azure Sentinel.
32
+
1. From the Azure Sentinel navigation menu, select **Data connectors**. From the list of connectors, click on **Azure Activity**, and then on the **Open connector page** button on the lower right.
39
33
40
-
3. Click **Connect**.
34
+
2. Under the **Instructions** tab, click the **Configure Azure Activity logs >** link.
41
35
42
-
4. To use the relevant schema in Log Analytics for the Azure Activity alerts, search for **AzureActivity**.
36
+
3. In the **Azure Activity log** pane, select the subscriptions whose logs you want to stream into Azure Sentinel.
43
37
38
+
4. In the subscription pane that opens to the right, click **Connect**.
44
39
45
-
40
+
5. To use the relevant schema in Log Analytics for Azure Activity alerts, type `AzureActivity` in the query window.
46
41
47
42
## Next steps
48
43
In this document, you learned how to connect Azure Activity log to Azure Sentinel. To learn more about Azure Sentinel, see the following articles:
49
44
- Learn how to [get visibility into your data, and potential threats](quickstart-get-visibility.md).
50
-
- Get started [detecting threats with Azure Sentinel](tutorial-detect-threats-built-in.md).
45
+
- Get started detecting threats with Azure Sentinel, using [built-in](tutorial-detect-threats-built-in.md) or [custom](tutorial-detect-threats-custom.md) rules.
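Review bot: the rewritten second prerequisite (`- Your user must have Reader permissions to any subscription whose logs you want to stream into Azure Sentinel.`) drops the exact action the removed line named, the Read action on `/subscriptions/_subscription_being_monitored_/providers/microsoft.insights/eventtypes/management`. Readers who follow least privilege need that resource path to build a custom role scoped to the single action rather than granting subscription-wide Reader, so suggest keeping it as a parenthetical after the simplified sentence, for example `(specifically, the Read action on /subscriptions/_subscription_being_monitored_/providers/microsoft.insights/eventtypes/management)`. The rest of the hunk (the date bump, the renamed `## Set up the Azure Activity connector` section and the expanded five-step procedure) reads cleanly.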