Logging User Access Admin elevations to Microsoft Sentinel

This week I was surprised to figure out that elevation logs that indicate a Global Admin becoming a User Access Administrator don’t flow to Log Analytics. It’s not possible to enable diagnostics settings for it. TL;DR I built a Logic App that forwards those logs to Log Analytics so I can have Analytic rules in…

Querying Log Analytics from Logic Apps

I spent some time this week at work trying to get a correct setup for querying the (Sentinel) Log Analytics store from a Logic App in Microsoft Azure. So I thought it would be a good idea to document it for myself and others. 🙂

The problem

Logic Apps allow you to perform actions in Microsoft…