User Profile
Pavan_Gelli1910
Brass Contributor
Joined 7 years ago
Recent Discussions
Azure Diagnostics table custom field limitation # Log Analytics Workspace
Hi Team, As everyone is aware, every table in Log Analytics has a custom field limit of 500, and if the limit is crossed, data will be dropped. The AzureDiagnostics table has easily reached the limit. To overcome this limitation, MS has introduced the resource-specific option for two PaaS services, ADF and Recovery Services vault. Hence, once this option is configured, the logs start to go into a new table for every option that we see on the diagnostic setting configuration page.

Ask: How is MS Azure planning to address this limitation? Or is it planning to introduce the resource-specific option for other PaaS services, so that the custom field limitation will be addressed?
Log Analytics RBAC

Hi Team, Below is my requirement related to configuring Azure PaaS resources to send logs to a Log Analytics workspace.

Tenant Name: XYZ
Subscription A: A Log Analytics workspace (Name: Security) is provisioned and, on top of it, Azure Sentinel is enabled.
Description A: This Log Analytics workspace is the central workspace, where resources running in different subscriptions (B & C) under the same tenant need to send logs to the LA workspace in subscription A.
Subscriptions B & C: Have a couple of resources running, and the Owner/Contributor of these subscriptions needs to send logs to the LA workspace in Subscription A.

But as per my security control, I can provide Log Analytics Reader access on the LA workspace (running in sub A) to the Owner/Contributor of subscriptions B & C. But after testing, the user with Log Analytics Reader on the Security workspace is not able to configure a resource (in sub B or C) to send logs to the Security Log Analytics workspace. It only works after providing Log Analytics Contributor (I can't provide this RBAC).

ASK: Is there any way that I can provide a specific RBAC role to users in sub B or C so that they can configure a resource to send logs to the Log Analytics workspace in sub A? Hope this is understandable.
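One way to grant the sub B/C owners exactly what the diagnostic-settings flow needs on the central workspace, as an added example that is not part of the original post or any Microsoft sample. It assumes Az.Accounts, Az.Resources and Az.Monitor are installed, that the caller can write role definitions and assignments at the workspace scope, and, as its main assumption, that the action Log Analytics Reader lacks for this scenario is Microsoft.OperationalInsights/workspaces/sharedKeys/action (the action Azure Monitor documents as required on a workspace that is the destination of a diagnostic setting). The subscription IDs, resource group, group object ID and the Key Vault used as the source resource are placeholders.

```powershell
# Added example (not from the original post). Least-privilege custom role for "may send
# diagnostics to this workspace", scoped to the workspace resource only.
# ASSUMPTION: sharedKeys/action is the missing permission; confirm against the current
# diagnostic-settings docs before rolling this out.

$workspaceId = "/subscriptions/<sub-A-id>/resourceGroups/<rg>/providers/Microsoft.OperationalInsights/workspaces/Security"
$senderGroupObjectId = "<object-id of an AAD group containing the sub B/C owners>"   # placeholder

# 1. Clone a built-in role to get a correctly shaped PSRoleDefinition, then replace its contents.
$role = Get-AzRoleDefinition -Name "Log Analytics Reader"
$role.Id = $null
$role.IsCustom = $true
$role.Name = "Log Analytics Diagnostic Sender"
$role.Description = "May point diagnostic settings at this workspace; cannot query or manage it"
$role.Actions.Clear()
$role.Actions.Add("Microsoft.OperationalInsights/workspaces/read")
$role.Actions.Add("Microsoft.OperationalInsights/workspaces/sharedKeys/action")
$role.NotActions.Clear()
# Deliberately absent: */read, workspaces/query/read, workspaces/write, so holders cannot
# read Sentinel data or change retention/agents on the security workspace.
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add($workspaceId)
New-AzRoleDefinition -Role $role | Out-Null

# 2. Assign at the workspace resource, not the subscription, so the grant cannot be reused elsewhere.
New-AzRoleAssignment -ObjectId $senderGroupObjectId -RoleDefinitionName $role.Name -Scope $workspaceId | Out-Null

# 3. Review what the workspace now grants; anything broader than this role deserves a second look.
Get-AzRoleAssignment -Scope $workspaceId | Select-Object DisplayName, RoleDefinitionName, Scope

# 4. A sub B owner (who already holds Microsoft.Insights/diagnosticSettings/write through
#    Owner/Contributor on the source resource) can now create the setting from their side.
$resourceId = "/subscriptions/<sub-B-id>/resourceGroups/<rg>/providers/Microsoft.KeyVault/vaults/<vault>"
$logs = New-AzDiagnosticSettingLogSettingsObject -Enabled $true -CategoryGroup "allLogs"
New-AzDiagnosticSetting -Name "to-security-workspace" -ResourceId $resourceId -WorkspaceId $workspaceId -Log $logs
```

Step 4 is the check: run it as a member of the group, not as the workspace admin. If it fails with an authorization error naming a different action, that action is what the role needs instead, and nothing broader.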
How to close Sentinel incidents using PS

Hi Team, A few days back, I enabled the default analytics rules related to Azure Key Vault (AKV). After that, I was hit with many incidents (approx. 10K) triggered related to AKV. Now I want to bulk close all of them using PS, because in the UI I can only close 100 incidents in one shot. I also agree that I need to understand and fine-tune the AKV detection rules thoroughly to avoid alert fatigue. Please help. Thanks.
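A bulk-close script for this situation, as an added example that is not part of the original post. It assumes Az.Accounts and Az.SecurityInsights are installed, that Connect-AzAccount has been run with Microsoft Sentinel Responder or higher on the workspace, and that the AKV incidents can be recognised by their title (the title filter, resource group name and the -Id parameter name, which older module releases call -IncidentId, are assumptions to adjust).

```powershell
# Added example (not from the original post): close every open incident whose title matches a
# filter, with an explicit classification so the mass closure stays auditable.
param(
    [string]$ResourceGroupName = "<rg-of-security-workspace>",
    [string]$WorkspaceName     = "Security",
    [string]$TitleContains     = "Key Vault",   # ASSUMPTION: the default AKV rule titles contain this
    [switch]$DryRun
)

# 1. Enumerate once, filter client-side. Filtering on title (not "everything open") is the
#    guard against sweeping up unrelated incidents that arrived in the same window.
$incidents = Get-AzSentinelIncident -ResourceGroupName $ResourceGroupName -WorkspaceName $WorkspaceName |
    Where-Object { $_.Status -ne "Closed" -and $_.Title -like "*$TitleContains*" }

Write-Host ("{0} open incidents match '*{1}*'" -f @($incidents).Count, $TitleContains)
if ($DryRun) {
    $incidents | Select-Object IncidentNumber, Title, Severity | Format-Table
    return
}

# 2. Close each incident. "Undetermined" is the honest classification for incidents nobody
#    triaged; the comment records why, so the tuning work can be traced back later.
$failed = @()
foreach ($inc in $incidents) {
    try {
        Update-AzSentinelIncident -ResourceGroupName $ResourceGroupName -WorkspaceName $WorkspaceName `
            -Id $inc.Name -Title $inc.Title -Severity $inc.Severity `
            -Status Closed -Classification Undetermined `
            -ClassificationComment "Bulk closed $(Get-Date -Format u): AKV analytics rules pending tuning" |
            Out-Null
    }
    catch {
        $failed += $inc.IncidentNumber
        Write-Warning "Incident $($inc.IncidentNumber) not closed: $($_.Exception.Message)"
    }
}

# 3. Report. At ~10K incidents API throttling is the usual cause of failures; rerun for the leftovers.
Write-Host ("Closed {0}, failed {1}" -f (@($incidents).Count - $failed.Count), $failed.Count)
if ($failed) { $failed | Set-Content "./unclosed-incidents.txt" }
```

Run it first with -DryRun and read the list; the title filter is the only thing standing between "close the AKV noise" and "close the incident that mattered".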
Storing static data in a table to use in KQL

Unable to maintain static/dynamic data sets for the below sample use cases.

Use Cases:
Increase in failed domain admin account logins detected
Password change or reset on known privileged account
Interactive login (success or failed) from service account

Ex: Interactive login (success or failed) from service account: Ideally, service accounts are used for application-level integration. We need to trigger an alert if an interactive/remote interactive login is observed from service accounts.

Current workaround: I have hard-coded all our service accounts in the KQL query, which is not feasible in the long run.
Challenge: If new service accounts are provisioned, we are missing monitoring on those service accounts until I add them to the KQL query.
Ask: Is there any workaround? KQL to get the data from a storage account like blob / can I create a table / AD using scripts on a scheduled basis / store in Log Analytics? Please help.
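One way to take the account list out of the query, as an added example that is not part of the original post: a scheduled script reads the service accounts from AD and upserts them into a Sentinel watchlist, and the analytics rule joins against the watchlist instead of a hard-coded list. It assumes the ActiveDirectory and Az.Accounts modules, that service accounts live in one OU (placeholder DN), that the caller holds Microsoft Sentinel Contributor on the workspace, and that the watchlist REST payload and api-version shown are current for Microsoft.SecurityInsights (verify the api-version before scheduling).

```powershell
# Added example (not from the original post): AD OU -> Sentinel watchlist, plus the KQL that
# consumes it. Subscription, resource group and OU are placeholders.
$subId = "<sub-A-id>"
$rg    = "<rg-of-security-workspace>"
$ws    = "Security"
$alias = "ServiceAccounts"                         # watchlist alias used by _GetWatchlist()
$ou    = "OU=ServiceAccounts,DC=corp,DC=example"   # ASSUMPTION: all service accounts sit here

# 1. Pull the current population from AD. Description is carried along as the owner field so
#    an analyst sees who to call; add more columns as needed, the search key stays SamAccountName.
$rows = Get-ADUser -SearchBase $ou -Filter * -Properties Description | ForEach-Object {
    [pscustomobject]@{ SamAccountName = $_.SamAccountName; Owner = $_.Description }
}
if (-not $rows) { throw "no accounts found under $ou; refusing to overwrite the watchlist with an empty list" }

# 2. Watchlists accept CSV; the header row must contain the itemsSearchKey column.
$csv = ($rows | ConvertTo-Csv -NoTypeInformation) -join "`n"

# 3. PUT is create-or-update, so the same call works for the nightly refresh.
$body = @{
    properties = @{
        displayName         = "Service Accounts"
        provider            = "AD sync script"
        source              = "Local file"
        itemsSearchKey      = "SamAccountName"
        contentType         = "text/csv"
        numberOfLinesToSkip = 0
        rawContent          = $csv
    }
} | ConvertTo-Json -Depth 5

$path = "/subscriptions/$subId/resourceGroups/$rg/providers/Microsoft.OperationalInsights/workspaces/$ws" +
        "/providers/Microsoft.SecurityInsights/watchlists/$alias" + "?api-version=2023-02-01"
$resp = Invoke-AzRestMethod -Path $path -Method PUT -Payload $body
if ($resp.StatusCode -notin 200, 201) { throw "watchlist upsert failed: $($resp.StatusCode) $($resp.Content)" }
Write-Host "watchlist '$alias' now holds $(@($rows).Count) accounts"

# 4. The analytics rule no longer embeds account names. Logon types 2 (interactive) and
#    10 (remote interactive); 4624 success, 4625 failure. Stored here as the rule's query text.
$kql = @'
let svc = _GetWatchlist('ServiceAccounts') | project SamAccountName = tolower(SamAccountName), Owner;
SecurityEvent
| where EventID in (4624, 4625) and LogonType in (2, 10)
| extend acct = tolower(TargetUserName)
| join kind=inner svc on $left.acct == $right.SamAccountName
| project TimeGenerated, Computer, TargetUserName, Owner, EventID, LogonType, IpAddress, WorkstationName
'@
```

Schedule the script (Task Scheduler, Azure Automation) at whatever cadence account provisioning runs; the empty-result guard matters because a failed AD query that silently wrote an empty watchlist would switch the detection off without any error in Sentinel.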
Re: Application Level Security Monitoring

Here is my understanding. Please correct me if I'm wrong.
1. You're manually picking the logs from SQL PaaS and dumping those logs on a server (Windows/Linux).
2. On one server (where the dumped SQL logs are residing), you're scheduling a task to send logs to LA via the DC API using a PS script.
Application Level Security Monitoring

Hi Team, I have a scenario where the application is running on top of Web Apps, and the respective application-level logs are getting stored in a SQL database (PaaS) in specific tables. My requirement is to collect the logs from the database and then ingest them into a Log Analytics workspace for identifying critical/anomalous/malicious activities. What would be the best way to achieve this? Thoughts I have in mind are using a Logic App (I think it's possible but expensive) / Function App (not sure).
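The "scheduled script to the Data Collector API" route discussed in this thread, written out as an added example that is not part of the original post. It reads rows straight from the Azure SQL table instead of going through a dumped file, tracks a watermark so reruns neither skip nor duplicate rows, and authenticates to SQL with an AAD token rather than a stored password. It assumes the SqlServer module (Invoke-Sqlcmd with -AccessToken) and Az.Accounts; the table dbo.AppAuditLog and its columns Id, EventTime, UserName, Action, Detail are hypothetical, and the workspace ID and shared key come from the workspace's Agents management blade. One caveat: the HTTP Data Collector API is deprecated in favour of the Logs Ingestion API with data collection rules; the SQL read and watermark logic carry over unchanged, only the upload call differs.

```powershell
# Added example (not from the original post): Azure SQL audit table -> Log Analytics custom log.
$sqlServer     = "<server>.database.windows.net"
$sqlDatabase   = "<appdb>"
$workspaceId   = "<workspace-id-guid>"
$sharedKey     = "<workspace-primary-key-base64>"   # keep in Key Vault / Automation variables, not in the script
$logType       = "AppAudit"                         # arrives as the AppAudit_CL table
$watermarkFile = "./appaudit.watermark"

# 1. Watermark: the last Id shipped. Advance it only after a successful upload (step 5).
$lastId = if (Test-Path $watermarkFile) { [int64](Get-Content $watermarkFile) } else { 0 }

# 2. Read with an AAD token (managed identity or the runner's identity): no SQL password on disk.
#    ASSUMPTION: dbo.AppAuditLog with a monotonically increasing Id column.
$token = (Get-AzAccessToken -ResourceUrl "https://database.windows.net/").Token
$rows = Invoke-Sqlcmd -ServerInstance $sqlServer -Database $sqlDatabase -AccessToken $token -Query @"
SELECT TOP (5000) Id, EventTime, UserName, Action, Detail
FROM dbo.AppAuditLog
WHERE Id > $lastId
ORDER BY Id
"@
if (-not $rows) { Write-Host "nothing new after Id $lastId"; return }

# 3. Shape the payload. ISO-8601 timestamps let TimeGenerated be taken from EventTime,
#    so late-ingested rows still land at the time the event happened.
$records = foreach ($r in $rows) {
    [pscustomobject]@{
        Id        = [int64]$r.Id
        EventTime = ([datetime]$r.EventTime).ToUniversalTime().ToString("o")
        UserName  = [string]$r.UserName
        Action    = [string]$r.Action
        Detail    = [string]$r.Detail
    }
}
$body = [Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject @($records) -Depth 3))

# 4. SharedKey authorization: HMAC-SHA256 over the canonical string, keyed with the decoded key.
#    Content length is the byte length of the UTF-8 body, which is why the body is encoded first.
function New-SharedKeyAuthorization([string]$wsId, [string]$key, [string]$date, [int]$contentLength) {
    $stringToSign = "POST`n$contentLength`napplication/json`nx-ms-date:$date`n/api/logs"
    $hmac = [System.Security.Cryptography.HMACSHA256]::new([Convert]::FromBase64String($key))
    $sig  = [Convert]::ToBase64String($hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign)))
    return "SharedKey ${wsId}:$sig"
}

$rfcDate = [DateTime]::UtcNow.ToString("r")
$headers = @{
    "Authorization"        = New-SharedKeyAuthorization $workspaceId $sharedKey $rfcDate $body.Length
    "Log-Type"             = $logType
    "x-ms-date"            = $rfcDate
    "time-generated-field" = "EventTime"
}
$uri = "https://$workspaceId.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
# Invoke-WebRequest throws on a non-2xx response, which leaves the watermark untouched.
$resp = Invoke-WebRequest -Uri $uri -Method Post -ContentType "application/json" -Headers $headers -Body $body -UseBasicParsing
if ($resp.StatusCode -ne 200) { throw "ingest failed: $($resp.StatusCode) $($resp.Content)" }

# 5. Commit the watermark only now, so a failed upload is retried on the next run.
($records | Measure-Object -Property Id -Maximum).Maximum | Set-Content $watermarkFile
Write-Host "shipped $(@($records).Count) rows up to Id $(Get-Content $watermarkFile)"
```

This is the body a Function App (timer trigger) or Automation runbook would run; a Logic App does the same job with the SQL and Azure Monitor connectors but pays per action, which is where the cost remark in the post comes from. Whichever host runs it, the shared key is a workspace-wide write credential: store it in Key Vault and give the host a managed identity rather than pasting the key into settings.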
Recent Blog Articles
No content to show