Azure Stream Analytics connector for Microsoft Sentinel
Azure Stream Analytics is a real-time analytics and complex event-processing engine that is designed to analyze and process high volumes of fast streaming data from multiple sources simultaneously. This connector lets you stream your Azure Stream Analytics hub diagnostics logs into Microsoft Sentinel, allowing you to continuously monitor activity.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | AzureDiagnostics (Stream Analytics) |
| Data collection rules support | Not currently supported |
| Supported by | Microsoft Corporation |
Query samples
All logs
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.STREAMANALYTICS"
Count By Stream Analytics
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.STREAMANALYTICS"
| summarize count() by Resource
Prerequisites
To integrate with Azure Stream Analytics make sure you have:
- Policy: owner role assigned for each policy assignment scope
Vendor installation instructions
Connect your Azure Stream Analytics diagnostics logs into Sentinel.
This connector uses Azure Policy to apply a single Azure Stream Analytics log-streaming configuration to a collection of instances, defined as a scope. Follow the instructions below to create and apply a policy to all current and future instances. Note, you may already have an active policy for this resource type.
Next steps
For more information, go to the related solution in the Azure Marketplace.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for