Forum Discussion
What are the basic health checks one should be doing on Azure Sentinel as an SIEM Admin?
Hi Team, I need help on the checklist which should be carried out everyday in order to confirm the health status of Azure Sentinel. Please help. Regards, Mitesh Agrawal
CliveWatson Thanks for the additional information!
In the last query is the [{Table}] name supposed to be replaced with the actual table name? When I run it in Logs it just has {Table} as the X-axis text and the code doesn't run in a Workbook
Sorry a copy & paste mistake
union withsource=TableName *
| make-series TableSize = sum(_BilledSize) default = 0 on TimeGenerated from ago(7d) to now() step 1h
| mvexpand TableSize to typeof(real), TimeGenerated to typeof(datetime) limit 1000
| project TimeGenerated, ['Table'] = TableSize
| render areachart - just remove the curly brackets - its really the "Table Size" column as well - but an area chart will disguise that.
It should look like