Microsoft Sentinel Deployment & Log Ingestion: Ingesting Platform Logs via Diagnostic Settings

Question

Hello Immersive Labs community,I’ve been working through the lab tasks and successfully completed tasks 1 through 6. However, I’m stuck on&nbsp;task 7, which asks:"A storage account has been deleted. What would be the data type of the generated log?"The task seems oddly described, and I can’t find any clear hints in the lab briefing or online resources. I’ve tried querying various data types like&nbsp;AzureActivity,&nbsp;AuditLogs,&nbsp;StorageBlobLogs,&nbsp;StorageFileLogs, and others, but none seem to fit correctly.Could anyone provide guidance or confirm which data type is actually relevant for this scenario? Are there any specific tips or resources I might be missing?Thanks in advance for your help!

samdickison · Answer

The two hints I managed to find, whether they helpful or not...&nbsp;1. Start by filtering for the specific operation: AzureActivity | where OperationNameValue has "delete"
2. Remember that platform logs regarding the lifecycle of a resource are categorized differently than logs regarding the usage of that resource.Any help?

Forum Discussion

Microsoft Sentinel Deployment & Log Ingestion: Ingesting Platform Logs via Diagnostic Settings

1 Reply

Featured Places

Help

Related Content

Microsoft Sentinel Deployment & Log Ingestion: Ingesting Platform Logs via Diagnostic Settings

Elastic Data Ingest: Ep.2 – Filebeat

Elastic Data Ingest: Ep.1 – Auditbeat

Elastic Data Ingest: Ep.5 – Packetbeat

From Design to Deployment - Securing AI Architectures

Recent Discussions

Microsoft Sentinel Deployment & Log Ingestion: Ingesting Platform Logs via Diagnostic Settings

Which equation does Metrolio use to calculate the maximum speed?

Microsoft Foundry Guardrails: Jailbreak Protection issue with http://metroliochat.com

Threat Research: Dependency Confusion lab -Listener not showing a successful connection with target server

Gemini CLI Lab issue