In my previous post I talked about how we can now query Azure Resource Graph data with Log Analytics. The purpose of that addition was to be able to alert on Azure Resource Graph data with Azure Monitor Alerts. In this post I’ll show exactly what you need to be able to create alerts in …
Have you ever wanted to filter resources in Log Analytics by resource tags? Or wanted to query Azure Resource Graph data with a broader set of KQL? Well, do I have some news for you. Now we can query Azure Resource Graph directly from Log Analytics. I was fortunate enough to be a small part …
Have you tried to get data on exemptions in your environment? Only to find they’re not in Azure Resource Graph, like policies, assignments and their states. Previously you would have to queried the API, which is limited to querying one subscription at a time. Not exactly “cloud scale.” Sometime in the last few weeks “microsoft.authorization/policyexemptions” …
The evaluate operator is fantastic tool in your Kusto tool belt. So much so that I have requested several times that it get added to Azure Resource Graph. However, the Evaluate Operator itself won’t run anything. You have to add one of its Plugins behind it. In this post I’ll show you how to use …
In my previous post I showed you how to collect and parse the FSLogix event log with Log Analytics. In this post I will show you how to use that event log to calculate WVD profile load time. Calculating logon time is one of those things that can provide value into our users experience. And …
Recently Log Analytics added a neat feature that allows you to see how well your queries run. Because Log Analytics Operators Has and Contains perform similar functions, some have been advising to only use the Has operator as it is the most efficient. However, Has is nice but it is not the be all and …
I recently took a look at the Azure Sentinel Syslog Workbook, called Linux Machines. This workbook is not great, its essentially a dashboard. For me the power of Workbooks in both Azure Monitor and Azure Sentinel is hunting, whether you’re hunting threats or operational issues with your infrastructure or applications. Workbook Resources If this is …