Managed Azure Sentinel

How To Connect Azure Activity log to Azure Sentinel?

Steps to connect Azure Activity log to Azure Sentinel.

You can stream logs from Azure Activity log into Azure Sentinel with a single click. The Activity Log is a subscription log that provides insight into subscription-level events that occurred in Azure. 

  1. In Azure Sentinel, select Data connectors and then click the Azure Activity log tile.
  2. In the Azure Activity log pane, select the subscriptions you want to stream into Azure Sentinel.
  3. Click Connect.
  4. To use the relevant schema in Log Analytics for the Azure Activity alerts, search for AzureActivity.
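
To confirm that every subscription selected in step 2 is actually streaming, the query below can be run in Log Analytics once the connector is connected. It is an added example, not part of the original page: the subscription IDs are constructed placeholders to replace with your own, and the 24-hour window is an assumed threshold.

```kql
// Subscriptions selected in the connector (constructed placeholder IDs; replace with your own).
let expected = datatable(SubscriptionId:string)
[
    "00000000-0000-0000-0000-000000000001",
    "00000000-0000-0000-0000-000000000002"
];
// What actually arrived in the AzureActivity table during the last 24 hours (assumed window).
let seen = AzureActivity
    | where TimeGenerated > ago(24h)
    | extend SubscriptionId = tolower(SubscriptionId)   // normalise case before joining
    | summarize Events = count(),
                LastEvent = max(TimeGenerated),
                Callers = dcount(Caller)
      by SubscriptionId;
// Left outer join keeps expected subscriptions that produced no rows at all,
// so a silent subscription shows up as a finding instead of disappearing.
expected
| extend SubscriptionId = tolower(SubscriptionId)
| join kind=leftouter seen on SubscriptionId
| extend Status = iff(isnull(LastEvent), "no events in 24h", "streaming"),
         Events = coalesce(Events, 0),
         Callers = coalesce(Callers, 0)
| project SubscriptionId, Status, Events, LastEvent, Callers
| order by Status asc, LastEvent desc
```

A subscription reported as "no events in 24h" is either not selected in the connector or had no subscription-level activity in that window, so check the connector selection before treating the gap as quiet time.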