Azure Activity Log Event Monitor

Overview

The Azure Activity Log Event Monitor collects and reports on data from your Azure Activity Log. It allows you to set alerts based on initiator, status, or category of Azure activity logs.

Use Cases

  • Receiving alerts about activity in your Azure account

Monitoring Options

  • Authentication: Select an authentication profile of the Microsoft Azure Credentials type or use specific values for Subscription ID, Application (client) ID, Directory (tenant) ID, and Client Secret Value.
  • Alert with [Info/Warning/Error/Critical] if Microsoft Azure is unreachable: Receive an alert if the event monitor is unable to connect to Microsoft Azure.
  • Alert with [Info/Warning/Error/Critical] when specific events are found: Enter specific events that will trigger an alert of your choosing. Select the event level(s) that will trigger an alert.
    • Event Initiator: Filter by the event initiator by entering each event initiator on a new line.
    • Category: Choose the categories that will trigger an alert by entering each category on a new line.
  • Show the first [#] matching event logs: Choose how many matching event logs to display in the event text each time the event monitor runs.
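
The following is an added example, not the product's own code, showing how the initiator, category, level, and "first [#]" options above could select events from Activity Log records. The function names are hypothetical, the records are constructed sample data using field names from the Azure Activity Log REST schema, and it assumes that an empty filter matches everything and that filters combine with AND.

```python
# Added example, not the product's code. Field names follow the Azure Activity
# Log REST schema; the records themselves are constructed sample data.
SAMPLE_EVENTS = [
    {"caller": "alice@example.com", "category": {"value": "Administrative"},
     "level": "Warning", "status": {"value": "Failed"},
     "operationName": {"value": "Microsoft.Authorization/roleAssignments/write"}},
    {"caller": "00000000-0000-0000-0000-000000000001",
     "category": {"value": "Administrative"},
     "level": "Informational", "status": {"value": "Succeeded"},
     "operationName": {"value": "Microsoft.Compute/virtualMachines/delete"}},
    {"caller": "alice@example.com", "category": {"value": "Policy"},
     "level": "Error", "status": {"value": "Failed"},
     "operationName": {"value": "Microsoft.Authorization/policies/audit/action"}},
    {"caller": "bob@example.com", "category": {"value": "Security"},
     "level": "Critical", "status": {"value": "Succeeded"},
     "operationName": {"value": "Microsoft.Security/locations/alerts/activate/action"}},
]


def parse_lines(text):
    """Split a multi-line filter box into a set: one value per line."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


def match_events(events, initiators="", categories="", levels=(), first=5):
    """Return (shown, total) for events passing every non-empty filter.

    Assumption: an empty filter matches everything and filters combine with AND.
    """
    want_init, want_cat = parse_lines(initiators), parse_lines(categories)
    want_lvl = {lvl.lower() for lvl in levels}
    matches = []
    for ev in events:
        if want_init and ev.get("caller", "").lower() not in want_init:
            continue
        if want_cat and ev.get("category", {}).get("value", "").lower() not in want_cat:
            continue
        if want_lvl and ev.get("level", "").lower() not in want_lvl:
            continue
        matches.append(ev)
    return matches[:first], len(matches)


def summarize(ev):
    """One line of event text: level, initiator, operation and status."""
    return "[{}] {} {} ({})".format(ev["level"], ev["caller"],
                                    ev["operationName"]["value"], ev["status"]["value"])


if __name__ == "__main__":
    shown, total = match_events(SAMPLE_EVENTS, "alice@example.com",
                                "Administrative\nPolicy", ("Warning", "Error"), first=1)
    print(f"{total} matching, showing {len(shown)}:", *map(summarize, shown), sep="\n")
```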

Authentication and Security

  • Create an app registration to add to your event monitor's authentication profile.
  • Grant Reader permissions at the subscription level to your event monitor.

Protocols

Data Points

This event monitor does not generate any data points.

Sample Output