Azure Sentinel

Hi, I am a beginner with Azure Sentinel.

I want to know where the diagnostics from Azure resources are saved so that I can create a KQL query for any updates or modifications on the Azure resources.


Thank you

1 Reply
Azure Diagnostics are typically in a table called "AzureDiagnostics". Diagnostics are enabled 'per resource' or via Policy. Change and modification can also be seen with ARG, but you have to use a Workbook to access that with KQL.
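
The Azure Resource Graph (ARG) route mentioned in the reply, as an added example that is not part of the original thread: a query over ARG's `resourcechanges` table that lists recent updates and deletions, with who made them and which properties changed. The 7-day window and the change-type filter are assumptions to adjust.

```kusto
// Added example. Run this against Azure Resource Graph (for instance a
// Workbook query using the "Azure Resource Graph" data source), not against
// the Log Analytics workspace that holds the AzureDiagnostics table.
resourcechanges
| extend changeTime        = todatetime(properties.changeAttributes.timestamp),
         changeType        = tostring(properties.changeType),
         targetResourceId  = tostring(properties.targetResourceId),
         targetType        = tostring(properties.targetResourceType),
         changedBy         = tostring(properties.changeAttributes.changedBy),
         clientType        = tostring(properties.changeAttributes.clientType),
         operation         = tostring(properties.changeAttributes.operation),
         changeCount       = properties.changeAttributes.changesCount,
         // Bag keyed by property path; each entry carries previousValue/newValue
         changedProperties = properties.changes
// Assumed look-back window; ARG keeps change records for a limited period
| where changeTime > ago(7d)
// Assumed filter: drop "Create" events to focus on modifications and removals
| where changeType in ("Update", "Delete")
| project changeTime, changeType, targetResourceId, targetType,
          changedBy, clientType, operation, changeCount, changedProperties
| order by changeTime desc
```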