At Ignite, the Azure Monitor team announced that you can now send subscription activity logs to Log Analytics. Wait? What? Isn’t that already available? The answer is yes, it was available before, but if we look closer you will see that the previous implementation was not very native to Azure. With the new implementation, besides making the API better, there are also other improvements like faster ingestion, the ability to send different categories, etc.
Right before Ignite, Microsoft released a new SKU for Log Analytics. With that SKU the usage model does not change; rather, it is a discount you get for committing to certain usage in your Log Analytics workspace. To me it is similar to reserved instances but on a monthly basis. This SKU is also related to Azure Sentinel, as it is the recommended SKU when you have onboarded a Log Analytics workspace to Azure Sentinel.
Last week I did a webinar about Azure Monitor Alerting at MP University. In case you missed the live presentations, you can check the recordings now here.
MP University is a free 1-day online training event that focuses on SCOM and Azure. As you know, for the past several weeks I have been blogging about Azure Monitor Alerts, so when I was offered the opportunity to do an online session on that topic, I was all in. Besides blogging I also like presenting. Being able to do that online is good for me due to my busy schedule (both personal and work). So if you are interested in that topic and in seeing more of what I have blogged, or in any of the other sessions in the event, please go here and sign up.
We are getting to one of the last blog posts of this series. I still haven’t decided how much more I will publish, but this one won’t be the last one. If nothing else, there will be at least another one after this one. Today we will cover Azure Sentinel alerts. To be honest, I was not sure if I would cover these alert types. I have tons of feedback for Azure Sentinel in general and specifically for their alerts. That feedback focuses more on APIs and alignment with other Azure teams. I am sure that from a security functionality perspective the service is doing great. But let’s start looking at Azure Sentinel alerts, and I will express my feedback through the blog post.