Apr 07 2020 04:33 PM - last edited on Apr 08 2022 10:22 AM by TechCommunityAP
Guys, is there a delay/latency in, say, the export of sign-in logs from AzureAD into a Log Analytics workspace? My security team have asked for real-time alerts on certain account sign-ins. Should I look at Event Hubs?
Apr 08 2020 01:57 AM
This lists the latency details.
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-ingestion-time
You can measure it with the queries in the link or via my Usage Workbook, which has a whole Tab (page) for latency https://techcommunity.microsoft.com/t5/azure-sentinel/usage-reporting-for-azure-sentinel/ba-p/126738...
Other solutions may decrease latency, but you need to weigh that against complexity and costs etc...
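As an added example (not part of the original reply, and not taken from the linked workbook), a query of this kind measures the latency for Azure AD sign-in logs specifically. It assumes the Azure AD diagnostic setting writes to the standard `SigninLogs` table in the workspace; the column names `EndToEndSec`, `ToAzMonSec` and `PipelineSec` are chosen here for illustration.

```kusto
// Added example: ingestion latency for Azure AD sign-in logs.
// Assumption: sign-in logs land in the standard SigninLogs table.
SigninLogs
| where TimeGenerated > ago(24h)
// Event time -> record is queryable in the workspace (what an alert rule sees)
| extend EndToEndSec = (ingestion_time() - TimeGenerated) / 1s
// Event time -> record received by the Azure Monitor ingestion point
| extend ToAzMonSec = (_TimeReceived - TimeGenerated) / 1s
// Time spent inside the Azure Monitor pipeline before indexing
| extend PipelineSec = (ingestion_time() - _TimeReceived) / 1s
| summarize Events = count(),
            percentiles(EndToEndSec, 50, 95, 99),
            max(EndToEndSec),
            percentiles(ToAzMonSec, 50, 95),
            percentiles(PipelineSec, 50, 95)
    by bin(TimeGenerated, 1h)
| order by TimeGenerated asc
```

The 95th and 99th percentile columns, rather than the median, show how far back an alert rule's query window has to reach to avoid missing late-arriving sign-in records.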
Apr 09 2020 06:21 AM
@CliveWatson Thanks! We are using a 3rd-party SIEM so we don't have Azure Sentinel. Specifically for the AzureAD sign-in logs, would an event hub have less latency than a LA workspace?