Tag: Hybrid Cloud

Explore:
  • Hybrid Cloud logo
    Published 

    Azure Monitor Workbooks: How to find Virtual Machines that are in, and not in Azure! 

    Sorry I’ve been away for while, however I’m back with a few articles on Azure Monitor Workbooks.  Thanks to Alp Babayigit for the idea and use case for this Workbook. I first started with Workbooks when Azure Sentinel was launched and published some articles here: https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-and-azure-arc/ba-p/999379 https://techcommunity.microsoft.com/t5/azure-sentinel/how-to-use-azure-sentinel-to-follow-a-users-travel-and-map-their/ba-p/981716 https://techcommunity.microsoft.com/t5/azure-sentinel/how-to-use-azure-monitor-workbooks-to-map-sentinel-data/ba-p/971818   Summary In this new Workbook, I
  • a close up of a logo
    Published 

    Azure Sentinel – Average GB per day 

    Why Average GB per day, it’s because that’s the information the Azure Pricing Calculator needs now that Azure Sentinel is released. This query looks at all billable data in your Log Analytics workspace and takes an average over the period. Example https://azure.microsoft.com/en-gb/pricing/calculator/ Then search for Sentinel / or look in the Security section. —————————————————————————————————————— //
  • a close up of a logo
    Published 

    Azure Sentinel – Costing Estimate (PAYG) 

    In this example, now that Azure Sentinel is Generally Available (GA) we can look at the Azure Monitor Logs (Log Analytics) and Azure Sentinel charges. I have used Pay as You Go (PAYG) for both, using USD $ and EASTUS as the region, but please feel free to adapt to you local region or currency.
  • a close up of a logo
    Published 

    Azure Log Analytics: how to read a file 

    I often blog about various Log Analytics syntax after I get asked the same question a few times, in this case a few times last month and twice this week so far! Also posted as a reply here _______________________________________________________________________________________________________________________________________ You can use externaldata operator to read files, like csv or tsv, scsv, sohsv, psv, txt,
  • a close up of a logo
    Published 

    Azure Sentinel meets Azure Log Analytics – looking at data use and estimated costs. 

    // // // Now that the pricing is released – please see https://azure.microsoft.com/en-gb/pricing/calculator/ // // Please use https://www.microsoft.com/en-gb/industry/blog/cross-industry/2019/10/03/azure-sentinel-average-gb-per-day/ // ———————————————————————————————— Please use the above link – posted retained for examples only, now that Sentinel has been released ———————————————————————————————— This post combines two previous posts, one on Log Analytics and one on Sentinel Dashboards. https://www.microsoft.com/en-gb/industry/blog/cross-industry/2019/07/22/azure-log-analytics-looking-at-data-and-costs-part-4/ https://www.microsoft.com/en-gb/industry/blog/cross-industry/2019/07/19/azure-sentinel-dashboard-queries/
  • Hybrid Cloud logo
    Published 

    Azure Log Analytics: looking at data and costs – Part 4 

    Building on Post 3 https://www.microsoft.com/en-gb/industry/blog/cross-industry/2019/07/18/azure-log-analytics-looking-at-data-and-costs-part-3/ You would probably take the data projection (see post 3) and add it into Excel to do the math, but you can also use KQL for that. I assigned a price of $2.30 (line 1); most of the rest of the syntax is the same. This is correct as of
  • a close up of a logo
    Published 

    Azure Log Analytics: Azure Sentinel Queries 

    I almost forgot about this set of tips, but I was asked again yesterday – so decided to post this. Often when investigating Event logs or Security Event logs, you look at the EventID. These are two of the most common basic methods. Event | summarize count() by EventID, RenderedDescription | sort by count_ desc
  • a close up of a logo
    Published 

    Azure Sentinel – Dashboard queries 

    The vast majority of my day job at the moment includes Azure Sentinel. Some of the queries I’ve shown in the previous posts can be used to see data points for Sentinel as well. Typically I display all these on an Azure Dashboard, but you can also just use the queries. Sentinel specifc DashBoards can
  • Hybrid Cloud logo
    Published 

    Azure Log Analytics: looking at data and costs – Part 3 

    Part1: https://www.microsoft.com/en-gb/industry/blog/cross-industry/2019/03/28/azure-log-analytics-looking-at-data-and-costs/ Part2: https://www.microsoft.com/en-gb/industry/blog/cross-industry/2019/05/09/azure-log-analytics-looking-at-data-and-costs-part-2/ Part3 – This post : https://www.microsoft.com/en-gb/industry/blog/cross-industry/2019/07/18/azure-log-analyt…and-costs-part-3/ There are two parts to this post: 1. Predict Forward 2. Add more computers 1. Predict forward In the previous two posts on this topic, we’ve seen the data ‘as is’ and in the past (normally the past month) – but how to we predict
  • a close up of a logo
    Published 

    Azure Log Analytics: Cross-workspace connections 

    I’ve had the script for a while, but didn’t finish the last part until today. Many of my Azure connected Servers are dual-homed to Azure Monitor Logs (required by our IT Security people). So this report shows me which ones are connected to one or both workspaces. Instructions: You need to provide the long form