Mar 15 2018
07:07 AM
- last edited on
Apr 07 2022
04:55 PM
by
TechCommunityAP
hi out there
I have a simple query for given security events in OMS which I want to run as a scheduled job and email me the result - daily - but sorry - I can't figure out how/where to do this from my Azure Log Analytics console - there must be a simple way - but how?
The script I want to run at 08:00 every morning is simply like this:
SecurityEvent
| where ( EventID == 4728 ) | sort by AccountName
and then mail me the outcome as a csv file - just like exporting it to csv...
Mar 17 2018 01:19 PM - edited Mar 17 2018 01:23 PM
Solution
Hi,
There are several ways to implement this scenario. IMHO, the most elegant method is using Azure Logic App. It has a connector that can execute a query and other connectors to send mail. There are logic modules to transform and format the results. You can also add additional logic items and connectors to other systems as much as you like.
If you want to see this scenario demo in video just watch this video: https://youtu.be/4whwxXWM894?t=2992
Thanks,
Meir :>
Oct 08 2018 10:02 PM
How are you sending the csv output of the query to mail?
I tried this but no luck; it is sending lots of mails to all (like 130 and so on).
Could you please suggest what I missed in the Logic App?
Feb 18 2019 11:30 AM
That video is not very detailed at all. I'm guessing no one has solved this yet? I've tried exporting the info to a spreadsheet, but that got complicated doing it row by row, and didn't work correctly. I just want a simple step of "email me the results" but I can't seem to find that. Not a graph, just the results.
Jul 15 2021 05:30 AM
Jul 16 2021 03:51 AM
Create a 3-step Logic App:
1. Set your Recurrence (once a day, once an hour, etc.)
2. Run whatever KQL query for AAD Audit logs you need. I have set my "chart type" to "html table" but there are other options.
3. Send the email (or action you require), picking up the "attachment content" from step 2.
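Added example, not written by any poster in this thread and not a Logic App definition: the "run query, then send one mail with the result attached" steps above, done in Python for the SecurityEvent 4728 query from the question. It assumes the query result arrives in the tables/columns/rows JSON shape; the sample rows, addresses, file name and function names are constructed. String cells that begin with a formula character are prefixed with a quote so that account names taken from logs are not evaluated when the CSV is opened in a spreadsheet.

```python
import csv
import io
from email.message import EmailMessage

# Constructed sample, assumed to match the tables/columns/rows result shape.
SAMPLE_RESPONSE = {
    "tables": [{
        "name": "PrimaryResult",
        "columns": [{"name": "TimeGenerated", "type": "datetime"},
                    {"name": "AccountName", "type": "string"},
                    {"name": "EventID", "type": "int"}],
        "rows": [["2018-03-15T06:12:44Z", "CONTOSO\\alice", 4728],
                 ["2018-03-15T06:40:02Z", "=1+1", 4728]],
    }]
}

# Leading characters that make a spreadsheet treat a cell as a formula.
FORMULA_LEADS = ("=", "+", "-", "@", "\t", "\r")

def neutralize(value):
    """Return the cell as text; quote-prefix strings that look like formulas."""
    if value is None:
        return ""
    if isinstance(value, str) and value.startswith(FORMULA_LEADS):
        return "'" + value
    return str(value)

def result_to_csv(response):
    """Render the first result table as one CSV document (header + all rows)."""
    table = response["tables"][0]
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\r\n")
    writer.writerow(col["name"] for col in table["columns"])
    for row in table["rows"]:
        writer.writerow(neutralize(cell) for cell in row)
    return out.getvalue()

def build_report_mail(response, sender, recipient):
    """Build ONE message for the whole result set, not one message per row."""
    rows = len(response["tables"][0]["rows"])
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"SecurityEvent 4728 daily report ({rows} rows)"
    msg.set_content("Query result attached as CSV.")
    msg.add_attachment(result_to_csv(response).encode("utf-8"),
                       maintype="text", subtype="csv", filename="event4728.csv")
    return msg
```

The returned message can be handed to `smtplib.SMTP.send_message` by whatever scheduler runs the script each morning.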