Forum Discussion
magosta91
Feb 22, 2024 Copper Contributor
Log Source Audit help
Hi all, I am looking for a way to get an audit of all log sources coming into Microsoft Sentinel. I suspect that I will need to write a KQL query to do this, but I was wondering if there was an e...
G_Wilson3468
Feb 23, 2024 Iron Contributor
If you go to Content Hub and install the Workspace Audit and Workspace Usage Report workbooks it should get you close to what you need.
If this isn't what you need I would start with this KQL and then filter to what you need.
AzureActivity
| where OperationNameValue startswith "MICROSOFT.SECURITYINSIGHTS"
Hope this helps.
G.
Clive_Watson
Feb 23, 2024 Bronze Contributor
If you just want the Tables the Workbooks referenced above use this query or a variation:
Usage
| where TimeGenerated > ago(30d)
| summarize count(), GBytes=round(sum(Quantity)/1000,2) by DataType, IsBillable
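An added example, not posted by anyone in this thread: the Usage query above extended into a per-table audit that also shows when each table first and last reported in the window and flags tables that have gone quiet. The 24-hour threshold and the `Status` and `HoursSinceLast` column names are assumptions to adjust for your workspace.

```kusto
// Added example: audit every table (log source) seen in the workspace over 30 days.
let lookback = 30d;
let silentAfter = 24h;   // assumption: how long without data before a table is flagged
Usage
| where TimeGenerated > ago(lookback)
| summarize
    FirstSeen = min(TimeGenerated),            // earliest usage record in the window
    LastSeen  = max(TimeGenerated),            // most recent usage record
    GBytes    = round(sum(Quantity) / 1000, 2) // Quantity is reported in MB
    by DataType, Solution, IsBillable
| extend HoursSinceLast = datetime_diff('hour', now(), LastSeen)
| extend Status = iff(now() - LastSeen > silentAfter, "Silent", "Active")
| order by Status desc, GBytes desc            // silent tables first, then by volume
```

Tables marked `Silent` ingested data earlier in the 30-day window but have no recent usage records, which usually points to a disconnected connector or a stopped agent.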