The LAQueryLogs table isn't enabled by default in your Log Analytics workspace. To use LAQueryLogs data when auditing in Microsoft Sentinel, first enable LAQueryLogs in your Log Analytics workspace's Diagnostics settings area.

For more information, see Audit queries in Azure Monitor logs.

We recommend waiting about 5 minutes to query the LAQueryLogs table for audit data.

For example, the following query shows how many queries were run in the last week, on a per-day basis:

```kusto
LAQueryLogs
// Limit the results to the last week, as described above
| where TimeGenerated > ago(7d)
| summarize events_count=count() by bin(TimeGenerated, 1d)
```

The following sections show more sample queries to run on the LAQueryLogs table when auditing activities in your SOC environment using Microsoft Sentinel.

The number of queries run where the response wasn't "OK"

The following LAQueryLogs table query shows the number of queries run, where anything other than an HTTP response of 200 OK was received.
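The non-200 audit described above, as an added example that is not taken from the original page. It goes beyond a plain count by breaking the failures down per user and response code. It assumes the LAQueryLogs columns `ResponseCode`, `AADEmail`, `RequestClientApp` and `QueryText`; the 7-day window and the `min_failures` threshold are illustrative values.

```kusto
// Added example: queries that did not return HTTP 200, grouped by user and code.
// lookback and min_failures are illustrative; tune them for your workspace.
let lookback = 7d;
let min_failures = 5;
LAQueryLogs
| where TimeGenerated > ago(lookback)
| where ResponseCode != 200                          // anything other than 200 OK
| summarize
    failed_queries   = count(),                      // total non-OK responses
    distinct_queries = dcount(QueryText),            // how many different queries failed
    client_apps      = make_set(RequestClientApp, 10), // where the queries were issued from
    sample_query     = take_any(QueryText),          // one query text for triage
    first_seen       = min(TimeGenerated),
    last_seen        = max(TimeGenerated)
    by AADEmail, ResponseCode
| where failed_queries >= min_failures               // drop one-off typos and timeouts
| order by failed_queries desc
```

Repeated failures from a single account over a short `first_seen` to `last_seen` span are the rows to review first, starting from `sample_query`.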