Log Analytics Operators Has, Contains and In

Recently Log Analytics added a neat feature that allows you to see how well your queries run. Because Log Analytics Operators Has and Contains perform similar functions, some have been advising to only use the Has operator as it is the most efficient. However, Has is nice but it is not the be all and …

Azure Monitor, Sentinel QuickStart Workbook templates

If you’ve followed me at all over the last few years, you know I make a lot of workbooks. I have a number of them on my GitHub, available for your use, completely free: LogicApps/Azure Sentinel Playbooks, Azure Automation Update Management, Azure File Sync, Syslog, and Windows Event Log. But now I’m putting out the …

Azure Sentinel Syslog Workbook

I recently took a look at the Azure Sentinel Syslog Workbook, called Linux Machines. This workbook is not great; it’s essentially a dashboard. For me, the power of Workbooks in both Azure Monitor and Azure Sentinel is hunting, whether you’re hunting threats or operational issues with your infrastructure or applications. Workbook Resources: If this is …

Overview of Azure Monitor, Security Center & Sentinel

In the past few months I’ve spoken with multiple Microsoft employees, and even Microsoft MVPs, who don’t understand Azure Sentinel, Azure Security Center, Azure Monitor and Log Analytics, or what the difference between them is. There seems to be some confusion around these products and how they are used together. I recently put together a diagram for a …

LogicApps Azure Monitor Workbook

Something I’ve been working on, off and on, is a LogicApps workbook for Azure Monitor. The view designer dashboard was always in preview and kind of bad. Donnie’s recent post in our series inspired me to finish it, especially since we’ve gotten confirmation that the view designer is going to be phased out. This workbook …

Extracting Nested Fields in Kusto

PSST: you could read this post. Orrrr you could check out the new 2.0 version, which has way more examples: Extracting Nested Fields in Kusto 2.0 – Cloud, Systems Management and Automation (cloudsma.com). Pretty much every blog I’ve produced is a real world solution that I have used in production. Sometimes they are …