cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure monitoring alerts query

ezflow
Copper Contributor

‎Feb 15 2022 11:26 AM - last edited on ‎Apr 08 2022 10:59 AM by

‎Feb 15 2022 11:26 AM - last edited on ‎Apr 08 2022 10:59 AM by

Azure monitoring alerts query

If have an Azure Security group: "Super Secret"
What is the Query to set an Alert in Azure monitoring, when a user was added or removed from that group?

Labels:
1,397 Views
0 Likes
2 Replies
Reply
2 Replies
yairgil

‎Feb 21 2022 08:35 AM

‎Feb 21 2022 08:35 AM

Re: Azure monitoring alerts query

@ezflow 

 

Hello,

I assume this is regarding AAD security groups.

You can direct the AAD audit logs to Log Analytics workspace as explain here:

https://docs.microsoft.com/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-w...

Then you can create log search alert rules to detect the specific activities you would like to monitor.

I hope this helps,

 

Yair Gil

Program Manager, Azure Monitor

 

0 Likes
Reply
Luke Murray

‎Feb 21 2022 10:35 AM

‎Feb 21 2022 10:35 AM

Re: Azure monitoring alerts query

This MS Questions doc has a bit more information as well, specifically around the KQL query and Audit Logs: https://docs.microsoft.com/en-us/answers/questions/316694/create-alert-for-any-security-group-update...
0 Likes
Reply