Some pointers to setting up Sentinel to monitor an App Service please for suspect traffic?


Hi All,

 

I am exploring Sentinel, and wanting to understand the best way to set it up to monitor incoming traffic into a PaaS App Service Web Application, to spot and alert on suspect traffic. We just want to monitor traffic that is getting through our non-MS WAF at present. We do not use the MS WAF or gateway.

 

Thanks.

4 Replies
Is the PaaS App Service on Azure? Does the same service (assuming Azure) allow you to write to Log Analytics/App Insights or Azure diagnostics? If not, does it have an API we could use to get the data?

@Clive_Watson 

 

Hi Clive,

 

Really appreciate the reply. The App Service is a standard Azure App Service running a .Net MVC Web Application against SQL Azure. We use Log Analytics / monitoring and Application Insights. However, probably not using Log Analytics as much as we should. Thoughts?

 

Thanks.

@SamStaveley 

 

Ah good, so your App Service will already write to AzureActivity (so you can check that table to see some data), and you can also enable Diagnostic logging, sending the data to a Log Analytics workspace managed by Sentinel.


 

Enable diagnostics logging - Azure App Service | Microsoft Docs
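
An added example, not part of the thread or of the linked documentation: once the App Service HTTP logs diagnostic category is flowing to the workspace, a starting hunting query for clients whose requests mostly end in 4xx responses. It assumes the data lands in the `AppServiceHTTPLogs` table with its standard columns; the lookback and thresholds are constructed values to tune against your own baseline.

```kql
// Added example: per-client error profile for App Service HTTP traffic.
// Thresholds below are assumptions, not recommended values.
let lookback = 1h;
let minRequests = 50;            // ignore low-volume clients
let errorRatioThreshold = 0.5;   // at least half of requests returned 4xx
AppServiceHTTPLogs
| where TimeGenerated > ago(lookback)
| summarize
    Requests      = count(),
    ClientErrors  = countif(ScStatus >= 400 and ScStatus < 500),
    ServerErrors  = countif(ScStatus >= 500),
    DistinctPaths = dcount(CsUriStem),
    SamplePaths   = make_set(CsUriStem, 10),
    UserAgents    = make_set(UserAgent, 5),
    FirstSeen     = min(TimeGenerated),
    LastSeen      = max(TimeGenerated)
    by CIp, CsHost, _ResourceId
| extend ErrorRatio = todouble(ClientErrors) / Requests
| where Requests >= minRequests and ErrorRatio >= errorRatioThreshold
| project FirstSeen, LastSeen, CIp, CsHost, Requests, ClientErrors,
          ServerErrors, ErrorRatio, DistinctPaths, SamplePaths, UserAgents,
          _ResourceId
| order by ErrorRatio desc, Requests desc
```

If the third-party WAF proxies connections, `CIp` may hold the WAF's address rather than the original client's, in which case group by `CsHost` and `UserAgent` or correlate with the WAF's own logs.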

Clive,

This is most helpful. I have now got my AppServiceHtmlLogs coming through. I assume that AppServiceLogs are redundant with Diagnostic Settings in use to send HTMLLogs to Sentinel?

Thanks