Forum Discussion
Solved
Monitoring creation of costly vms
Hi, I'm grappling with an issue - i want to create an analytics rule in sentinel to monitor the creation of anomalous - more expensive than usual - virtual machines. However, I cant seem to find ...
- Hello Daniel,
You can use this rule from GitHub https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml
to monitor creation of expensive VMs. The "tokens" array contains VM types that you can define and get alerts based on creation of them.
You can take examples of the array parameters from here: https://docs.microsoft.com/en-us/azure/virtual-machines/vm-naming-conventions or from the link that Clive_Watson sent.
I've used this in the past https://azureprice.net/ you can download a CSV file, so it could be a watchlist or something to access with the externaldata operator?
Hmm that might be an option, I'll look into it, thanks.