Feb 22 2021 05:55 AM
Hi Team,
I have a scenario where the application is running on top of web apps and the respective application-level logs are getting stored in a SQL database (PaaS) in specific tables. My requirement is to collect the logs from the database and then ingest them into a Log Analytics workspace for identifying critical / anomalous / malicious activities.
What would be the best way to achieve this?
The thoughts I have in mind are using a logic app (I think it's possible but expensive) / function app (not sure).
Feb 22 2021 10:38 AM
@Pavan_Gelli1910 How we do this is we query the dbs for the data and we upload the data via API. We use this script to perform the upload: PowerShell Gallery | Upload-AzMonitorLog 1.2.
This just runs as a scheduled task on the server to upload the data.
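The flow described in the post above (query the database for new rows, then upload them via the API), as an added example that is not part of the original thread and is not the Upload-AzMonitorLog script. It assumes the upload goes through the Azure Monitor HTTP Data Collector API; the table `app_log`, its columns, the log type `AppSqlLog`, the workspace ID and the key are constructed placeholders, and an in-memory SQLite table stands in for the Azure SQL database so the block runs offline and only builds the signed request.

```python
import base64, datetime, hashlib, hmac, json, sqlite3

RESOURCE = "/api/logs"

def fetch_new_rows(conn, last_id):
    """Return app-log rows newer than the watermark, oldest first."""
    cur = conn.execute(
        "SELECT id, ts, level, message FROM app_log WHERE id > ? ORDER BY id",
        (last_id,))
    cols = [c[0] for c in cur.description]
    return [dict(zip(cols, r)) for r in cur.fetchall()]

def build_request(workspace_id, shared_key, log_type, rows, rfc1123_date):
    """Build URL, headers and body for one Data Collector API POST."""
    body = json.dumps(rows).encode("utf-8")
    string_to_sign = (f"POST\n{len(body)}\napplication/json\n"
                      f"x-ms-date:{rfc1123_date}\n{RESOURCE}")
    digest = hmac.new(base64.b64decode(shared_key),
                      string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    signature = base64.b64encode(digest).decode()
    headers = {
        "Content-Type": "application/json",
        "Authorization": f"SharedKey {workspace_id}:{signature}",
        "Log-Type": log_type,          # lands in the <log_type>_CL custom table
        "x-ms-date": rfc1123_date,
        "time-generated-field": "ts",  # use each row's own timestamp
    }
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           f"{RESOURCE}?api-version=2016-04-01")
    return url, headers, body

def demo():
    # Constructed stand-in for the application's log table in Azure SQL.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE app_log "
                 "(id INTEGER PRIMARY KEY, ts TEXT, level TEXT, message TEXT)")
    conn.executemany("INSERT INTO app_log VALUES (?,?,?,?)", [
        (1, "2021-02-22T05:50:00Z", "INFO", "login ok user=alice"),
        (2, "2021-02-22T05:51:10Z", "WARN", "login failed user=admin"),
        (3, "2021-02-22T05:51:12Z", "WARN", "login failed user=admin")])
    rows = fetch_new_rows(conn, last_id=1)  # watermark saved by the previous run
    date = datetime.datetime(2021, 2, 22, 6, 0, 0).strftime(
        "%a, %d %b %Y %H:%M:%S GMT")
    key = base64.b64encode(b"constructed-demo-key").decode()  # placeholder key
    return rows, build_request("00000000-0000-0000-0000-000000000000",
                               key, "AppSqlLog", rows, date)

if __name__ == "__main__":
    rows, (url, headers, body) = demo()
    print(url, headers["Authorization"], f"{len(rows)} rows", sep="\n")
```

A scheduled task or function would POST `body` to `url` with `headers`, persist the highest uploaded `id` as the next watermark, and read the workspace key from a secret store rather than from the script. Microsoft has since deprecated the Data Collector API in favour of the Logs Ingestion API, so new deployments should check which one applies.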
Feb 22 2021 11:42 AM - edited Feb 22 2021 01:13 PM
Hi
Why don't you simply leverage Azure Defender for App Service? Even if your app is not running on App Service, you can still leverage security events in Defender or Sentinel to get notified and prepare your response at the right time.
https://docs.microsoft.com/fr-fr/azure/security-center/defender-for-app-service-introduction
You can also leverage the application security detection pack by using Application Insights:
Mar 02 2021 05:14 AM - edited Mar 15 2021 09:44 AM
Here is my understanding. Please correct me if I'm wrong.
1. You're manually picking the logs from SQL PaaS and dumping those logs on a server (Windows/Linux).
2. On one server (where the dumped SQL logs are residing) you're scheduling a task to send logs to LA via the DC API using a PS script.
Mar 02 2021 05:17 AM
Mar 02 2021 09:19 AM
Mar 07 2021 03:34 AM