Forum Discussion
Solved
Monitoring creation of costly vms
Hi, I'm grappling with an issue - i want to create an analytics rule in sentinel to monitor the creation of anomalous - more expensive than usual - virtual machines. However, I cant seem to find ...
- Hello Daniel,
You can use this rule from GitHub https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml
to monitor creation of expensive VMs. The "tokens" array contains VM types that you can define and get alerts based on creation of them.
You can take examples of the array parameters from here: https://docs.microsoft.com/en-us/azure/virtual-machines/vm-naming-conventions or from the link that Clive_Watson sent.
Hello Daniel,
You can use this rule from GitHub https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml
to monitor creation of expensive VMs. The "tokens" array contains VM types that you can define and get alerts based on creation of them.
You can take examples of the array parameters from here: https://docs.microsoft.com/en-us/azure/virtual-machines/vm-naming-conventions or from the link that Clive_Watson sent.
You can use this rule from GitHub https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml
to monitor creation of expensive VMs. The "tokens" array contains VM types that you can define and get alerts based on creation of them.
You can take examples of the array parameters from here: https://docs.microsoft.com/en-us/azure/virtual-machines/vm-naming-conventions or from the link that Clive_Watson sent.