Forum Discussion
Azure Sentinel
Hi i am a beginner with azure sentinel. I want to know where are the diagnostics from Azure resources saved so that i can create a kql for any updation or modifications on the azure resources. T...
Azure Diagnostics are typically in a Table called "AzureDiagnostics" https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/azurediagnostics. Diagnostics are enabled 'per resource' or via Policy - https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?tabs=CMD Change and Modification can also be seen with ARG https://docs.microsoft.com/en-us/azure/governance/resource-graph/how-to/get-resource-changes?tabs=azure-cli but you have to use a Workbook to access that with KQL.