Perimeter 81 Activity Logs connector for Microsoft Sentinel
The Perimeter 81 Activity Logs connector allows you to easily connect your Perimeter 81 activity logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | Perimeter81_CL |
Data collection rules support | Not currently supported |
Supported by | Perimeter 81 |
Query samples
User login failures
Perimeter81_CL
| where eventName_s == "api.activity.login.fail"
Application authorization failures
Perimeter81_CL
| where eventName_s == "api.activity.application.auth.fail"
Application session start
Perimeter81_CL
| where eventName_s == "api.activity.application.session.start"
Authentication failures by IP & email (last 24 hours)
Perimeter81_CL
| where TimeGenerated > ago(24h) and eventName_s in ("api.activity.login.fail", "api.activity.vpn.auth.fail", "api.activity.application.auth.fail")
| summarize count(releasedBy_email_s) by ip_s, releasedBy_email_s
| where count_releasedBy_email_s > 1
Resource deletions by IP & email (last 24 hours)
Perimeter81_CL
| where TimeGenerated > ago(24h) and eventName_s matches regex "api.activity.*.remove*|api.activity.*.delete*|api.activity.*.destroy*"
| summarize count(releasedBy_email_s) by ip_s, releasedBy_email_s
| where count_releasedBy_email_s > 1
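The "Authentication failures by IP & email" query above counts over a flat 24 hours; the following added example (not part of the vendor's or Microsoft's query samples) groups the same three failure events into short time windows per source IP and shows whether one account or several were targeted. The sample rows, the 10-minute window and the threshold of 3 are assumptions; to run it on real data, replace `SampleEvents` with `Perimeter81_CL`.

```kusto
// Constructed sample rows standing in for Perimeter81_CL. Only the column names
// and the eventName_s values are taken from the query samples on this page;
// the IPs, e-mail addresses and timestamps are made up for illustration.
let SampleEvents = datatable(TimeGenerated: datetime, eventName_s: string, ip_s: string, releasedBy_email_s: string)
[
    datetime(2024-01-01 10:00:05), "api.activity.login.fail",                "203.0.113.10", "alice@example.com",
    datetime(2024-01-01 10:01:10), "api.activity.login.fail",                "203.0.113.10", "bob@example.com",
    datetime(2024-01-01 10:02:30), "api.activity.vpn.auth.fail",             "203.0.113.10", "carol@example.com",
    datetime(2024-01-01 10:04:00), "api.activity.login.fail",                "203.0.113.10", "alice@example.com",
    datetime(2024-01-01 10:05:00), "api.activity.application.session.start", "203.0.113.10", "alice@example.com",
    datetime(2024-01-01 10:21:00), "api.activity.application.auth.fail",     "198.51.100.7", "dave@example.com",
    datetime(2024-01-01 10:22:15), "api.activity.application.auth.fail",     "198.51.100.7", "dave@example.com",
    datetime(2024-01-01 10:23:40), "api.activity.login.fail",                "198.51.100.7", "dave@example.com",
    datetime(2024-01-01 10:30:00), "api.activity.login.fail",                "192.0.2.44",   "erin@example.com"
];
// The three failure events used by the 24-hour sample query.
let FailureEvents = dynamic(["api.activity.login.fail", "api.activity.vpn.auth.fail", "api.activity.application.auth.fail"]);
let Window = 10m;        // assumption: tune to your environment
let MinFailures = 3;     // assumption: tune to your environment
SampleEvents
| where eventName_s in (FailureEvents)
// count() counts rows, so events with an empty e-mail field are still included.
| summarize Failures      = count(),
            DistinctUsers = dcount(releasedBy_email_s),
            Users         = make_set(releasedBy_email_s, 20),
            EventTypes    = make_set(eventName_s),
            FirstSeen     = min(TimeGenerated),
            LastSeen      = max(TimeGenerated)
    by ip_s, bin(TimeGenerated, Window)
| where Failures >= MinFailures
// One IP failing against several accounts is triaged differently from
// one account failing repeatedly.
| extend Pattern = iff(DistinctUsers > 1, "many accounts from one IP", "repeated failures for one account")
| project-rename WindowStart = TimeGenerated
| order by Failures desc
```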
Vendor installation instructions
Please note the values below and follow the instructions here to connect your Perimeter 81 activity logs with Microsoft Sentinel.
Next steps
For more information, go to the related solution in the Azure Marketplace.