Forum Discussion
Daniel_Iten
Mar 13, 2022
Copper Contributor
Monitoring creation of costly VMs
Hi, I'm grappling with an issue - I want to create an analytics rule in Sentinel to monitor the creation of anomalous - more expensive than usual - virtual machines. However, I can't seem to find ...
- Mar 15, 2022
Hello Daniel,
You can use this rule from GitHub https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml
to monitor creation of expensive VMs. The "tokens" array contains VM types that you can define and get alerts based on creation of them.
You can take examples of the array parameters from here: https://docs.microsoft.com/en-us/azure/virtual-machines/vm-naming-conventions or from the link that Clive_Watson sent.
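The kind of detection described in the reply above, as an added example that is not part of the original post and is not the content of the linked GitHub rule. The size names in `expensiveSizes` are sample values chosen for illustration, and the `Accepted` status filter and the `responseBody` path to `vmSize` are assumptions about how the VM write event is logged in your workspace.

```kusto
// Added example, not the linked rule. Adjust the list to your own cost baseline.
// Sample values only: full VM size names, lower-cased for comparison.
let expensiveSizes = dynamic([
    "standard_m128s",
    "standard_m208s_v2",
    "standard_nc24",
    "standard_nd96asr_v4"
]);
AzureActivity
| where TimeGenerated > ago(1d)
// VM create/update operations only
| where OperationNameValue =~ "MICROSOFT.COMPUTE/VIRTUALMACHINES/WRITE"
// Assumption: the event carrying the response body is the "Accepted" one
| where ActivityStatusValue =~ "Accepted"
// responseBody is a JSON string nested inside Properties
| extend body = parse_json(tostring(parse_json(Properties).responseBody))
| extend vmSize = tolower(tostring(body.properties.hardwareProfile.vmSize))
| where isnotempty(vmSize)
| where vmSize in (expensiveSizes)
// One row per caller and size, with the resources they created
| summarize FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            VmCount = dcount(_ResourceId),
            Resources = make_set(_ResourceId, 50)
    by Caller, CallerIpAddress, ResourceGroup, vmSize
| order by LastSeen desc
```

Run it in the Logs blade first to confirm that `vmSize` is populated for your VM creations before saving it as a scheduled analytics rule.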
Phil007
Copper Contributor
Are you specifically wanting it in logs or are you wanting to prevent someone from being able to spin up an expensive machine?
Daniel_Iten
Mar 15, 2022
Copper Contributor
I specifically want to have it in the logs so that I'll be able to create an analytics rule to monitor the spin up of expensive VMs.
Preventing it is the next step.