

Azure Activity and Azure Diagnostic logs are two different services in Azure that provide different types of logs.

Azure Activity logs provide insight into operations that were performed on Azure resources, such as creating, updating, or deleting a resource. They can be used to monitor and audit activity in your Azure environment. These logs contain information such as who performed the operation, what operation was performed, and when it was performed.

    | project ResourceId, ResourceGroupName, ResourceProviderName, ResourceTypeName, OperationName, Caller, TimeGenerated

This query retrieves Azure Activity logs for a specific resource type and operation name, within the past 7 days. You'll need to replace the resource type and operation name placeholders with the actual values you want to search for. For example, you could use “Microsoft.Compute/virtualMachines” as the resource type and “Create or Update Virtual Machine” as the operation name. The query limits the output to the Resource ID, Resource Group name, Resource Provider name, Resource Type name, Operation name, Caller (i.e., the user who performed the operation), and TimeGenerated (i.e., when the operation was performed).

    | project TimeGenerated, ResourceId, ResourceGroupName, ResourceProviderName, ResourceTypeName, OperationName, OperationStatus, Caller, CorrelationId, ActivityId, SubscriptionId, ResourceLocation, ResourceSize, ResourceUri, Category, EventDataId, Level, Description, Properties

This query retrieves all Azure Activity logs generated within the past 7 days. The query projects several fields, including TimeGenerated, ResourceId, ResourceGroupName, ResourceProviderName, ResourceTypeName, OperationName, OperationStatus, Caller, CorrelationId, ActivityId, SubscriptionId, ResourceLocation, ResourceSize, ResourceUri, Category, EventDataId, Level, Description, and Properties. You can customize the query to include additional fields or filter criteria based on your specific needs.

    | where Category == "SQLSecurityAuditEvents"
    | where action_s == "SCHEMA_OBJECT_ACCESS_GROUP"
    | project principal_name_s, client_ip_s, server_instance_name_s, database_name_s, schema_name_s, object_name_s, event_time_t

This query uses the Azure Activity log to retrieve audit logs related to SQL security events. It filters the results to show only events related to the specified schema name and the action of accessing a schema object. The query also shows the name of the user who accessed the schema, the client IP address, the server instance name, the database name, the schema name, the object name, and the event time.
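An added example, not part of the original page: the schema-access audit filters described on this page, run against a constructed inline datatable so the query executes without a workspace, and extended with a per-principal summary for review. The column names are the ones the page's query uses; the sample rows, the names `SampleAudit` and `target_schema`, and the schema value `hr` are assumptions.

```kusto
// Constructed sample rows; column names are those used in the page's query.
let target_schema = "hr";   // hypothetical schema under review
let SampleAudit = datatable(
    event_time_t:datetime, Category:string, action_s:string,
    principal_name_s:string, client_ip_s:string, server_instance_name_s:string,
    database_name_s:string, schema_name_s:string, object_name_s:string)
[
    datetime(2024-03-01 09:14:02), "SQLSecurityAuditEvents", "SCHEMA_OBJECT_ACCESS_GROUP",
        "app_reader", "10.0.4.17", "sql-example-01", "payroll", "hr", "employees",
    datetime(2024-03-01 09:14:40), "SQLSecurityAuditEvents", "SCHEMA_OBJECT_ACCESS_GROUP",
        "app_reader", "10.0.4.17", "sql-example-01", "payroll", "hr", "salaries",
    datetime(2024-03-01 23:51:09), "SQLSecurityAuditEvents", "SCHEMA_OBJECT_ACCESS_GROUP",
        "temp_contractor", "192.0.2.44", "sql-example-01", "payroll", "HR", "salaries",
    // Rows below must be excluded: other schema, other action, other category.
    datetime(2024-03-01 10:02:11), "SQLSecurityAuditEvents", "SCHEMA_OBJECT_ACCESS_GROUP",
        "app_reader", "10.0.4.17", "sql-example-01", "payroll", "dbo", "audit_notes",
    datetime(2024-03-01 10:05:30), "SQLSecurityAuditEvents", "DATABASE_LOGOUT_GROUP",
        "app_reader", "10.0.4.17", "sql-example-01", "payroll", "hr", "employees",
    datetime(2024-03-01 10:07:00), "Errors", "SCHEMA_OBJECT_ACCESS_GROUP",
        "app_reader", "10.0.4.17", "sql-example-01", "payroll", "hr", "employees"
];
SampleAudit
| where Category == "SQLSecurityAuditEvents"
| where action_s == "SCHEMA_OBJECT_ACCESS_GROUP"
| where schema_name_s =~ target_schema      // =~ is case-insensitive, so "HR" matches
| summarize
    Accesses  = count(),
    Objects   = make_set(object_name_s),
    FirstSeen = min(event_time_t),
    LastSeen  = max(event_time_t)
  by principal_name_s, client_ip_s, server_instance_name_s, database_name_s
| order by Accesses desc
```

In a workspace, replace `SampleAudit` with the table that holds your SQL audit events and keep the same three filters.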
