Forum Discussion
Byron Boudreaux
May 30, 2019Copper Contributor
Create an Alert from Azure Activity results
I would like to create an Alert that fires when someone requests "Just in time VM access". I can use the query below to surface these events in Logs but not sure how to turn that into and Alert. I have searched though the Alert signals and am unable to find one that maps to this:
AzureActivity
| where OperationName == "Initiate JIT Network Access Policy"
| where ActivityStatus == "Started"
- CliveWatson
Microsoft
Just press the "add alert" button. Also create an Action Group with a email entry - if you want an email?
Action groups: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups
Alerts: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log
- Byron BoudreauxCopper Contributor
This solution did work but the notifications were way delayed. Unfortunately this is an inherit "feature" of Logs where the data coming in is delayed from the event that generated the entries. Hopefully this will improve over time.
- Byron BoudreauxCopper Contributor
Thanks for the reply. Tried that method (have it in place now) and can't get the Alert to fire. Not sure why.