{"id":3110,"date":"2024-06-11T12:12:08","date_gmt":"2024-06-11T11:12:08","guid":{"rendered":"https:\/\/mortenknudsen.net\/?p=3110"},"modified":"2024-06-11T12:12:10","modified_gmt":"2024-06-11T11:12:10","slug":"azure-monitor-alerting-with-azure-resource-graph-data-using-azure-loganalytics-integration","status":"publish","type":"post","link":"https:\/\/mortenknudsen.net\/?p=3110","title":{"rendered":"Azure Monitor alerting with Azure Resource Graph data &#8211; using Azure LogAnalytics integration"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you need to get an Azure Monitor alert using Azure Resource Graph data, this can easily be accomplished using the Azure Resource Graph integration in Azure LogAnalytics.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In the example below, I&#8217;m detecting any Microsoft Copilot for Security instances that I have running for demo purposes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The steps to configure this are shown below.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 1: Define the query in Azure Resource Graph<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>resources\n| where &#91;'type'] contains \"microsoft.securitycopilot\/capacities\"<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 2: Test the query using Azure LogAnalytics<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>arg(\"\").resources\n| where &#91;'type'] contains \"microsoft.securitycopilot\/capacities\"<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 3: Configure the Azure Monitor Alert Rule<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"783\" src=\"https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-3-1024x783.png\" alt=\"\" class=\"wp-image-3114\" 
srcset=\"https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-3-1024x783.png 1024w, https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-3-300x229.png 300w, https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-3-768x587.png 768w, https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-3.png 1439w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"898\" src=\"https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-1024x898.png\" alt=\"\" class=\"wp-image-3111\" srcset=\"https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-1024x898.png 1024w, https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-300x263.png 300w, https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-768x674.png 768w, https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image.png 1163w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"889\" src=\"https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-2-1024x889.png\" alt=\"\" class=\"wp-image-3113\" srcset=\"https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-2-1024x889.png 1024w, https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-2-300x260.png 300w, https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-2-768x667.png 768w, https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-2.png 1139w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"482\" src=\"https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-1-1024x482.png\" alt=\"\" class=\"wp-image-3112\" 
srcset=\"https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-1-1024x482.png 1024w, https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-1-300x141.png 300w, https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-1-768x362.png 768w, https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/image-1.png 1429w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you need to get an Azure Monitor alert using Azure Resource Graph data, this can easily be accomplished using &#8230; <\/p>\n<p class=\"read-more-container\"><a title=\"Azure Monitor alerting with Azure Resource Graph data &#8211; using Azure LogAnalytics integration\" class=\"read-more button\" href=\"https:\/\/mortenknudsen.net\/?p=3110#more-3110\" aria-label=\"Read more about Azure Monitor alerting with Azure Resource Graph data &#8211; using Azure LogAnalytics integration\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":3116,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"ngg_post_thumbnail":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[55,153,152],"tags":[],"class_list":["post-3110","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure","category-azure-resource-graph","category-kusto","infinite-scroll-item","resize-featured-image"],"featured_image_src":"https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/Alert.jpg","author_info":{"display_name":"Morten 
Knudsen","author_link":"https:\/\/mortenknudsen.net\/?author=1"},"jetpack_featured_media_url":"https:\/\/mortenknudsen.net\/wp-content\/uploads\/2024\/06\/Alert.jpg","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/mortenknudsen.net\/index.php?rest_route=\/wp\/v2\/posts\/3110","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mortenknudsen.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mortenknudsen.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mortenknudsen.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mortenknudsen.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3110"}],"version-history":[{"count":1,"href":"https:\/\/mortenknudsen.net\/index.php?rest_route=\/wp\/v2\/posts\/3110\/revisions"}],"predecessor-version":[{"id":3117,"href":"https:\/\/mortenknudsen.net\/index.php?rest_route=\/wp\/v2\/posts\/3110\/revisions\/3117"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mortenknudsen.net\/index.php?rest_route=\/wp\/v2\/media\/3116"}],"wp:attachment":[{"href":"https:\/\/mortenknudsen.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mortenknudsen.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mortenknudsen.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}