This Azure Monitor Workbook can help identify by using KQL (Kusto Query Language) data from AzureActivity and Azure Resource Graph (ARG) which IP addresses are configured and when. Tip you can also use the queries to form an Alert in Azure Monitor or Azure Sentinel to detect when a IP address is made public. Demo: Read more
I hadn’t intended a Part 2 on this topic, but I also managed to add Tabs into the “FindMySyntax” Workbook for Azure Monitor Workbooks and Azure Resource Graph. Please see part1: https://www.microsoft.com/en-gb/industry/blog/cross-industry/2020/06/18/log-analytics-kql-saved-queries-how-to-find-and-run-them-in-a-workbook/ For future versions please look here: https://github.com/CliveW-MSFT/KQLpublic/tree/master/KQL/Workbooks/findMySynatx Summary So why do I have a Azure Monitor Workbook to find Workbooks, two main reasons: Read more
In my previous post I talked about using Postman to make a REST API call to a Log Analytics workspace to view and change the retention settings. Equally I mentioned that I would look to utilise an Azure Monitor workbook to visualise the settings. Azure Monitor workbooks are a fantastic way to visualise data within Read more
Summary Log Analytics has a option called Query Explorer (note, this is due to be updated, so this example is applicable for a short period of time). If like me you have 100’s of saved queries, managing them can be a challenge (my #1 challenge!), lets fix that with a Azure Monitor Workbook… One of Read more
Hi all, This is the first of two posts that I will be doing on how you can report on the Retention settings of an Azure Log Analytics workspace. In the second post I will provide a sample Workbook for displaying the settings. It is often that during my conversations with customers about Azure Monitor, Read more
In this post I show how you can schedule a report to run, using a Log Analytics query, its a frequent ask and one I have answered a few times in posts like this: https://techcommunity.microsoft.com/t5/azure-log-analytics/log-analytics-for-report-generation/m-p/1469610 Question: Can I schedule a query to run in Azure Monitor Logs / Log Analytics (or even for Azure Sentinel) Read more
A few times this week I’ve had two discussions. How is my Azure Security Center (ASC) licenced and configured? And how many workspaces do I have, and what retention policy is set. You can look in the portal, however to do this at scale, lets use Azure Resource graph: I suggest you use Read more
Hi all, I just found out today that the Render operator now supports more features in Log Analytics. Event | summarize dcount(EventID) by Computer , bin(TimeGenerated, 1h) | render timechart with (legend = hidden, title = “My Title here”, xtitle = “X title”, ytitle = “Y title”, ymin = 3, ymax = 10) Read more
Azure Sentinel Playbooks (based on Logic Apps) are commonly used to take Alert data and perform a Security Orchestration, Automation and Response (SOAR) capability For this issue (I was asked about it twice today so decided to post the answer). You can use the “Run query and visualise results” to take the Query from the Read more
KQL has some IPV4 features. A new one last month is IPV4_is_match : https://docs.microsoft.com/en-us/azure/kusto/query/ipv4-is-matchfunction Two examples (more here https://github.com/CliveW-MSFT/KQLpublic/blob/master/Queries/CIDRexamples ): 1.Using the SigninLogs Table as data. This example takes an IP Address from the log and sees if it is in an allowed range or not. You define whats allowed or not in the CASE Read more
Sorry I’ve been away for while, however I’m back with a few articles on Azure Monitor Workbooks. Thanks to Alp Babayigit for the idea and use case for this Workbook. I first started with Workbooks when Azure Sentinel was launched and published some articles here: https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-and-azure-arc/ba-p/999379 https://techcommunity.microsoft.com/t5/azure-sentinel/how-to-use-azure-sentinel-to-follow-a-users-travel-and-map-their/ba-p/981716 https://techcommunity.microsoft.com/t5/azure-sentinel/how-to-use-azure-monitor-workbooks-to-map-sentinel-data/ba-p/971818 Summary In this new Workbook, I Read more
As there are lots of question on this topic, I’m hoping this post will help. Also see my other post if you DO have Log Analytics What to do if you don’t have Log Analytics already in use in your company today, but want to price Azure Sentinel: Here I discuss three Options: An Read more
