Nov 09 2021 04:33 AM
Hi All,
I am exploring Sentinel, and wanting to understand the best way to set it up to monitor incoming traffic into a PaaS App Service Web Application, to spot and alert on suspect traffic. We just want to monitor traffic that is getting throught our non MS WAF at present. We do not use the MS WAF or gateway.
Thanks.
Nov 09 2021 05:33 AM
Nov 09 2021 05:59 AM
Hi Clive,
Really appreciate the reply. The App Service is a standard Azure App Serivce running a .Net MVC Web Application against SQL Azure. We use Log analytics / monitoring and Application Insights. However probably not using Log Analytics as much as we should.Thoughts?
Thanks.
Nov 09 2021 06:38 AM
Ah good, so your App Service, will already write to AzureActivity (so you can check that table to see some data), and you can also enable Diagnostic logging, sending teh data to a Log Analytics workspace managed by Sentinel.
Enable diagnostics logging - Azure App Service | Microsoft Docs
Nov 09 2021 07:31 AM