Azure Sentinel VM queries

Dartey Banahene 1 Reputation point

I'm trying to understand why "some" of the default queries in Azure Sentinel don't work.

  1. We have a lot of VMs that are functioning and running
  2. Some of the queries work
  3. The ones that don't seem to be CPU Usage, Memory, things of that nature.
  4. Is there some type of setup that needs to happen to pull this particular info in?
  5. Why is it that some information from the VMs comes in, like Updates that are needed etc., but not the "Hardware" or "Resource" based info?
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

1 answer

  1. Clive Watson - MSFT 106 Reputation points

    To get Perf data you need to collect that from the agent, typically by going to:

    or by enabling VM insights.

    This is data you wouldn't typically put in the same Workspace as Azure Sentinel for cost reasons.

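A check for the situation in this thread, as an added example that is not part of the original question or answer: the KQL query below lists machines that send Heartbeat records but few or no performance records, which is the pattern where update data arrives and CPU or memory queries return nothing. It assumes the standard Log Analytics tables `Heartbeat`, `Perf` and `InsightsMetrics` (the table VM insights writes to); the one-hour lookback is an arbitrary choice.

```kusto
// Added example. Assumptions: standard Heartbeat / Perf / InsightsMetrics tables,
// 1h lookback chosen arbitrarily.
let lookback = 1h;
// Machines whose agent is alive and reporting to this workspace.
let reporting = Heartbeat
    | where TimeGenerated > ago(lookback)
    | summarize LastHeartbeat = max(TimeGenerated) by Computer, OSType;
// Perf may not exist in the workspace if no counters were ever collected.
// The empty datatable plus isfuzzy=true keeps the query from failing in that case.
let perfSenders = union isfuzzy=true
        (datatable(TimeGenerated: datetime, Computer: string, CounterName: string)[]),
        (Perf)
    | where TimeGenerated > ago(lookback)
    | summarize PerfRecords = count(), PerfCounters = dcount(CounterName) by Computer;
// Same guard for InsightsMetrics, which is populated when VM insights is enabled.
let insightsSenders = union isfuzzy=true
        (datatable(TimeGenerated: datetime, Computer: string)[]),
        (InsightsMetrics)
    | where TimeGenerated > ago(lookback)
    | summarize InsightsRecords = count() by Computer;
reporting
| join kind=leftouter perfSenders on Computer
| join kind=leftouter insightsSenders on Computer
| extend PerfRecords = coalesce(PerfRecords, 0),
         PerfCounters = coalesce(PerfCounters, 0),
         InsightsRecords = coalesce(InsightsRecords, 0)
| project Computer, OSType, LastHeartbeat, PerfRecords, PerfCounters, InsightsRecords
// Machines with no performance data sort to the top.
| order by PerfRecords asc, InsightsRecords asc, Computer asc
```

Rows with `PerfRecords` equal to 0 are machines where queries against `Perf` will return nothing until counter collection is configured. Rows with `InsightsRecords` above 0 and `PerfRecords` equal to 0 have performance data only in `InsightsMetrics`.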