Azure Data Lake Storage Gen1 connector for Microsoft Sentinel
Azure Data Lake Storage Gen1 is an enterprise-wide hyper-scale repository for big data analytic workloads. Azure Data Lake enables you to capture data of any size, type, and ingestion speed in one single place for operational and exploratory analytics. This connector lets you stream your Azure Data Lake Storage Gen1 diagnostics logs into Microsoft Sentinel, allowing you to continuously monitor activity. For more information, see the Microsoft Sentinel documentation.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | AzureDiagnostics (Data Lake Storage Gen1) |
| Data collection rules support | Not currently supported |
| Supported by | Microsoft Corporation |
Query samples
All logs

```kusto
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.DATALAKESTORE"
```

Count By Data Lake Storage

```kusto
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.DATALAKESTORE"
| summarize count() by Resource
```
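The two sample queries above only list or count records. As an added example that is not part of the connector documentation, the following KQL builds on them to surface callers with failed operations against each Data Lake Storage Gen1 account; it assumes the standard AzureDiagnostics columns Category, OperationName, ResultType and CallerIPAddress are populated for this resource provider, and that successful calls report ResultType as "Success" or "Succeeded" (both are assumptions, not stated on the page).

```kusto
// Added example: per-caller activity baseline with failure counts for
// Data Lake Storage Gen1 diagnostics streamed by this connector.
// Assumptions (not from the page): the Audit category is enabled, and
// Category, OperationName, ResultType and CallerIPAddress are populated.
AzureDiagnostics
| where TimeGenerated > ago(24h)
| where ResourceProvider == "MICROSOFT.DATALAKESTORE"
| where Category == "Audit"                       // assumed category name
| extend IsFailure = ResultType !in~ ("Success", "Succeeded")  // assumed success values
| summarize
    Operations  = count(),
    Failures    = countif(IsFailure),
    DistinctOps = dcount(OperationName),
    FirstSeen   = min(TimeGenerated),
    LastSeen    = max(TimeGenerated)
  by Resource, CallerIPAddress
| extend FailureRatio = round(1.0 * Failures / Operations, 3)
| where Failures > 0
| order by Failures desc, FailureRatio desc
```

Tune the time window and the failure threshold to the account's normal traffic before turning this into an analytics rule.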
Prerequisites
To integrate with Azure Data Lake Storage Gen1, make sure you have:
- Policy: owner role assigned for each policy assignment scope
Vendor installation instructions
Connect your Azure Data Lake Storage Gen1 diagnostics logs into Sentinel.
This connector uses Azure Policy to apply a single Azure Data Lake Storage Gen1 log-streaming configuration to a collection of instances, defined as a scope. Follow the instructions below to create and apply a policy to all current and future instances. Note that you may already have an active policy for this resource type.
Next steps
For more information, go to the related solution in the Azure Marketplace.