Master Azure Logging in depth

I am really passionate about the logging capabilities in M365 Defender and Azure, with the power to bring data back from clients, servers, cloud and 3rd party systems – and getting cool, valuable information out of the data – besides, of course, security hunting.

As outlined in the last section of this intro/overview, I have prepared a series of blog posts to master Azure logging in depth. I will be releasing 19 blog posts as shown below.

You will learn about the Azure Log Ingestion Pipeline, Azure Data Collection Rules, Data Collection Endpoints, Azure LogAnalytics custom tables (v2), Azure Monitor Agent, Azure Monitor Private Link Scope, migration from v1 to v2, etc.

To get you started, I have also prepared templates & scripts in my AzureLogLibrary (GitHub) – with focus on the new capabilities.

Happy reading 🙂

If you are sending data using the HTTP Data Collector API (REST) today, you should continue reading, as this API will be deprecated as part of the transition to the Log Ingestion API using Azure Data Collection Rules, the Azure Pipeline and Azure LogAnalytics custom tables (v2).

As you can see from the illustrations above, more components (DCR, DCR, Pipeline, Schema) are added, which also increases the complexity.

I have built a PowerShell module, AzLogDcrIngestPS, which will ease the steps if you want to send any data to Azure LogAnalytics custom logs (v2) – using the new features of the Azure Log Ingestion Pipeline, Azure Data Collection Rules & Log Ingestion API.

You can find AzLogDcrIngestPS in the PowerShell Gallery.
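As an added illustration of the new path (this is example code, not from the post and not the AzLogDcrIngestPS module), the call below sends a small batch straight to the Log Ingestion API: the request goes to a Data Collection Endpoint, is routed by a DCR to a custom table (v2), and is authenticated with an Entra ID bearer token instead of the workspace shared key used by the HTTP Data Collector API. The DCE URI, DCR immutable ID, stream name and table name are placeholders; the script assumes Az.Accounts is installed and Connect-AzAccount has already been run.

```powershell
# Example code, not part of the post or the AzLogDcrIngestPS module.
# Placeholders (assumed values): replace with your own DCE, DCR and stream.
$DceUri         = "https://my-dce-abcd.westeurope-1.ingest.monitor.azure.com"
$DcrImmutableId = "dcr-00000000000000000000000000000000"
$StreamName     = "Custom-MyApp_CL"      # stream declared in the DCR for table MyApp_CL
$ApiVersion     = "2023-01-01"

# Entra ID token for the Azure Monitor scope. The identity needs the
# "Monitoring Metrics Publisher" role on the DCR; no shared key is involved.
$TokenObj = Get-AzAccessToken -ResourceUrl "https://monitor.azure.com"
$Token = if ($TokenObj.Token -is [securestring]) {
    # Newer Az.Accounts versions return the token as a SecureString.
    [System.Net.NetworkCredential]::new("", $TokenObj.Token).Password
} else { $TokenObj.Token }

# Constructed sample records. Property names must match the stream's declared
# columns; anything the DCR schema does not know is dropped by the pipeline.
$Now = (Get-Date).ToUniversalTime().ToString("o")
$Records = @(
    [pscustomobject]@{ TimeGenerated = $Now; Computer = "SRV01"; EventText = "Service started" }
    [pscustomobject]@{ TimeGenerated = $Now; Computer = "SRV02"; EventText = "Service stopped" }
)

# The API expects a JSON array, even when only one record is sent.
$Body = ConvertTo-Json -InputObject @($Records) -Depth 10

$Uri = "$DceUri/dataCollectionRules/$DcrImmutableId/streams/${StreamName}?api-version=$ApiVersion"
$Headers = @{
    Authorization  = "Bearer $Token"
    "Content-Type" = "application/json"
}

try {
    # 204 No Content means the batch was accepted by the ingestion pipeline.
    Invoke-RestMethod -Method Post -Uri $Uri -Headers $Headers -Body $Body | Out-Null
    Write-Host "Accepted $($Records.Count) record(s) into stream $StreamName"
}
catch {
    # Typical failures: 403 (missing role on the DCR), 404 (wrong DCR ID or
    # stream name), 413 (batch over the 1 MB limit), 429 (throttled: retry later).
    Write-Warning "Ingestion failed: $($_.Exception.Message)"
    throw
}
```

Because the DCR, not the client, decides which columns exist and can apply a transformation before data reaches the table, checking a new stream with a two-record batch like this is a cheap way to confirm schema and permissions before migrating a production sender.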

Lastly, I would like to thank the product teams in Seattle, USA and Israel, who are delivering rock star products every day.

In particular, I would like to give big credit to a few people I have worked with on building the AzLogDcrIngestPS PowerShell module and in my daily work with the Azure logging & viewing capabilities:

| Name | Role |
| --- | --- |
| Ivan Varnitski | Program Manager – Azure Pipeline |
| Evgeny Ternovsky | Program Manager – Azure Pipeline |
| Nick Kiest | Program Manager – Azure Data Collection Rules |
| Oren Salzberg | Program Manager – Azure LogAnalytics |
| Guy Wild | Technical Writer – Azure LogAnalytics |
| John Gardner | Program Manager – Azure Workbooks |
| Shikha Jain | Program Manager – Azure Workbooks |
| Ingo Bringemeier | Principal Program Manager – Azure Monitor |
| Shayoni Seth | Program Manager – Azure Monitor Agent |
| Jeff Wolford | Program Manager – Azure Monitor Agent |
| Xema Pathak | Program Manager – Azure VMInsight (integration to Azure Monitor Agent) |
