The Sumo Logic App for Azure Audit allows you to collect data from the Azure Activity Log (formerly known as Azure Audit logs) and monitor the health of your Azure environment. The App provides preconfigured Dashboards that allow you to monitor Active Directory activity, resource usage, service health, and user activity. Logs can be collected in two ways: from Event Hub, or from Azure Insight API using Sumo PowerShell scripts.
To use the App, perform the steps in the following sections.
To collect from Azure Insight API, first create an Active Directory Application in the Azure classic portal, then run the Sumo Logic Azure Audit Logs solutions template from the Azure Marketplace.
To collect Azure Audit logs from Event Hub, create an Event Hub, export activity logs to the Event Hub, create a Function App, define the required environment variables, and deploy the function.
Finally, install the Sumo Logic App for Azure Audit.