New Blog Post | How to Send Azure Storage Logs to Microsoft Sentinel


How to Send Azure Storage Logs to Microsoft Sentinel – Azure Cloud & AI Domain Blog (azurecloudai.bl...

This capability was just announced as generally available, and I know many Microsoft Sentinel customers have been waiting to monitor Read, Write, and Delete operations for Storage accounts.

To enable this for Microsoft Sentinel, you’ll need to create a Diag Setting (diagnostic setting) for each Storage account type and send the logs to the same Log Analytics Workspace as Microsoft Sentinel. As shown, I have enabled it for blob and file storage, as I don’t often use the queue and table types.
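
The same setup can be scripted with the Azure CLI. The following is an added example, not code from the original post: it builds one `az monitor diagnostic-settings create` command per storage service type, sending the Read, Write and Delete log categories to the workspace. The subscription, resource group, account and workspace IDs and the `sentinel-<service>` setting names are placeholders (assumptions).

```shell
#!/bin/sh
# Added example: one diagnostic setting per storage service type, routed to
# the Log Analytics workspace that Microsoft Sentinel is attached to.

# Resource log categories covering Read, Write and Delete operations.
LOG_CATEGORIES='[{"category":"StorageRead","enabled":true},{"category":"StorageWrite","enabled":true},{"category":"StorageDelete","enabled":true}]'

# Map a service type (blob|file|queue|table) to its sub-resource ID.
# Diagnostic settings attach to <account>/<type>Services/default, not to the account itself.
service_resource_id() {
  case "$2" in
    blob|file|queue|table) printf '%s/%sServices/default\n' "$1" "$2" ;;
    *) echo "unknown storage service type: $2" >&2; return 1 ;;
  esac
}

# Usage: enable_storage_logs <account-id> <workspace-id> <service>...
# Prints the command for each service (dry run). With APPLY=1 it also runs it,
# which requires a logged-in Azure CLI.
enable_storage_logs() {
  account_id="$1"; workspace_id="$2"; shift 2
  for service in "$@"; do
    rid="$(service_resource_id "$account_id" "$service")" || return 1
    # "sentinel-<service>" is a hypothetical setting name.
    printf "az monitor diagnostic-settings create --name %s --resource %s --workspace %s --logs '%s'\n" \
      "sentinel-$service" "$rid" "$workspace_id" "$LOG_CATEGORIES"
    if [ "${APPLY:-0}" = 1 ]; then
      az monitor diagnostic-settings create --name "sentinel-$service" \
        --resource "$rid" --workspace "$workspace_id" --logs "$LOG_CATEGORIES" || return 1
    fi
  done
}

# Placeholder IDs (assumptions); replace with your own before setting APPLY=1.
ACCOUNT_ID="/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Storage/storageAccounts/<account>"
WORKSPACE_ID="/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.OperationalInsights/workspaces/<workspace>"

# Dry run for the two service types the post enables.
enable_storage_logs "$ACCOUNT_ID" "$WORKSPACE_ID" blob file
```

Once the settings are applied, blob and file operations land in the `StorageBlobLogs` and `StorageFileLogs` tables of the workspace.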
