Forum Discussion
Application Level Security Monitoring
Hi Team,
I have scenario where the application is running on top of webapps and respective application level logs are getting stored in sql database (paas) on specific tables. My requirement is to collect the logs from database and then ingest into log analytics workspace for identifying the critical / anomalous /malicious activities.
What would be the best way to achieve this?
Thoughts i have in my mind is using logic app(i think its possible but expensive ) / function app (Not sure)
6 Replies
- Thijs LecomteBronze ContributorI would recommend using Application Insights, which saves the data into Log Analytics and can be easily integrated to save all the logs that the application produces
- ibnmbodjiIron Contributor
Hi
Why don't you simply leverage Azure Defender for App Service ? Even if your app is not running on app service you can still leverage security events in Defender or Sentinel to get notified and prepare your response at the right time
https://docs.microsoft.com/fr-fr/azure/security-center/defender-for-app-service-introduction
You can also leverage application security detection pack by using application insights :
- Pavan_Gelli1910Brass Contributorim using the Azure Defender for App service also. But, I have requirement to build some custom correlation rules using the logs generated by the application.
- ibnmbodjiIron ContributorHi
You can leverage workspace-basd resources to have custom logs and cutom queries . I think it's the best way to do it unless the specified logs you want are not supported by app insights .
The doc said :
Workspace-based resources support full integration between Application Insights and Log Analytics.You can now choose to send your Application Insights telemetry to a common Log Analytics workspace, which allows you full access to all the features of Log Analytics while keeping application, infrastructure, and platform logs in a single consolidated location.
Reference : https://docs.microsoft.com/en-us/azure/azure-monitor/app/create-workspace-resource
- mperrottaBrass Contributor
Pavan_Gelli1910 How we do this is we query the dbs for the data and we upload the data via API. We use this script to perform the upload: https://www.powershellgallery.com/packages/Upload-AzMonitorLog/1.2.
This just runs as a scheduled task on the server to upload the data.
- Pavan_Gelli1910Brass Contributor
Here is my understanding. Please correct me if im wrong
1. Your manually picking the logs from sql paas and dumping those logs in a server (windows/linux)
2. On one server(where the dumped sql logs are residing) your scheduling a task to send logs to LA via DC API using PS script