Seeking Guidance on Best Practices for Ingesting Azure Diagnostics Logging into Sentinel

I'm seeking guidance on Azure Diagnostics logging. Does Microsoft provide any documentation outlining the recommended data to be ingested into Sentinel from Azure Diagnostics logging? The only information I've come across mentions that "Data ingested via Azure Diagnostics can generate a lot of noise, leading to increased Azure consumption." Are there any published best practices or recommendations on what specific data from Azure Diagnostics logging should be ingested into Sentinel?

1 Reply

Most generally, you can avoid Azure Diagnostics, as most of the data there is health and performance for Azure services. However, there are unique cases. For example, Azure Cognitive Services (all the AI stuff) only logs to the Azure Diagnostics log right now.