Why Average GB per day? Because that's the information the Azure Pricing Calculator needs now that Azure Sentinel is released. This query looks at all billable data in your Log Analytics workspace and takes an average over the period. Example: https://azure.microsoft.com/en-gb/pricing/calculator/ then search for Sentinel, or look in the Security section. //...
Posts by Clive Watson. Clive has over 30 years' experience in the industry (14+ at Microsoft); he is currently an Azure Infrastructure Specialist for Microsoft based in the UK.
I almost forgot about this set of tips, but I was asked again yesterday, so I decided to post this. Often when investigating Event logs or Security Event logs, you look at the EventID. These are two of the most common basic methods. Event | summarize count() by EventID, RenderedDescription | sort by count_ desc...
At some stage you will either need to add a new set of data to Log Analytics, or look at your usage and costs. Originally you looked at the Usage table for this data: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-standard-properties https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-cost-storage As you can see from these docs (and please read them, as I won't go over the content here), Usage...
This was announced at Ignite last week, see here https://azure.microsoft.com/en-us/blog/query-across-resources/ which I missed at the time. I have found adding 'withsource=SourceTable' to be really useful for seeing where the data was found. If the returned SourceTable is just "SecurityEvent", as in this example, it's from your local workspace; if it's workspace('...')... SecurityEvent // show...