Install the Azure Audit App and view the Dashboards

Install the Sumo Logic App 

Now that you have set up collection for Azure Audit, install the Sumo Logic App for Azure Audit to use the preconfigured searches and Dashboards that provide insight into your data. 

To install the app:

  1. Select App Catalog, search for and select the app, and click Add to Library. (In the classic UI, click Library, click Apps, select the app, and click Install. If you don't find the app under Apps, it might be a preview app. Try clicking Preview to find the app.)
  2. Click Preview Dashboards if you'd like to see a preview of the dashboards included with the app before installing.
  3. In the Install Application dialog box, select the installation path (the default is the Personal folder in the library), or click New Folder to add a new folder.
  4. Select either of these options for the log data source.
     • Choose Select from Existing Source Categories, and select the source category from the Source Category list.
     • Choose Enter a Custom Data Filter and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).
  5. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or in the other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. It's important to note that each Panel slowly fills with data matching the time range query and received since the Panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

Dashboards

The predefined Dashboards on Azure Audit allow you to instantly monitor the activities and events. All the dashboards in the App, except the Azure Audit - Active Directory dashboard, support logs from both Event Hub and Insight API.

Azure Audit - Overview

Use this dashboard to get a high-level view of the Azure activity by location, and details of events.

Azure Activity by Source Location. Performs a geo lookup operation to display the location of Azure activity by Source location on a map of the world for the last seven days.

Events by Level. Displays events by level in a pie chart for the last seven days.

Events by Status. Shows details on events by status in a stacked column chart on a timeline for the last seven days.

Events by Caller. Provides details on events by caller in a stacked column chart on a timeline for the last seven days.

Events by Resource Group. Displays details on events by Resource Group in a stacked column chart on a timeline for the last seven days.

Events by Category. Shows details on events by category in a stacked column chart on a timeline for the last seven days.

Azure Audit - Active Directory

Use this dashboard to see details on Azure Active Directory actions, recent additions, updates, and deletions.

AD Actions by User. Displays Active Directory actions by user in a stacked bar chart for the last 14 days.

AD Actions by Day. Shows Active Directory actions by day in a stacked column chart on a timeline for the last 14 days.

Recent Adds. Provides details on recent adds in a table chart including details on the source user, action, destination user, and time for the last 14 days.

Recent Updates. Displays details on recent updates in a table chart including details on the source user, action, destination user, and time for the last 14 days.

Recent Deletions. Shows information on recent deletions in a table chart including details on the source user, action, destination user, and time for the last 14 days.

Azure Audit - Resource Usage

Use this dashboard to see details on resource groups and resource providers.

Events by Resource Group. Displays details on events by Resource Group across time in a stacked column chart on a timeline for the last seven days.

Resource Group Events. Shows Resource Group events in a pie chart for the last seven days.

Resource Provider Events. Shows information on Resource Provider events in a pie chart for the last seven days.

Operations by Resource Group. Shows details on operations by Resource Group by name and count in a stacked column chart for the last seven days.

Operations by Resource Provider. Shows details on operations by Resource Provider by name and count for the last seven days.

Resource Providers by Resource Group. Displays details on Resource Providers by Resource Group by name and count in a stacked column chart for the last seven days.

Events by Resource Provider. Displays details on events by Resource Provider across time in a stacked column chart on a timeline for the last seven days.

Azure Audit - Service Health

Use this dashboard to see the details on Azure service health such as the level, status, and events.

Level. Displays information by level in a pie chart for the last seven days.

Status. Shows information by status in a pie chart for the last seven days.

Events Details. Provides information on Azure service health events in a table chart, including details such as operation name, description, level, correlation ID, event name, location, status, and time for the last seven days.

Events Over Time. Displays events over time in a column chart on a timeline for the last seven days.

Unresolved Events. Provides information on unresolved service health events in a table chart, including details on correlation ID, level, event name, location, status, and time for the last 30 days.

Azure Audit - User Activity

Use this dashboard to see the details on events, resources, and users.

Events by Location. Performs a geo lookup operation to display user activity events by IP address location on a map of the world for the last seven days.

Resource Deletions. Displays resource deletions in a pie chart for the last seven days.

Resource Creations. Provides details on resource creations in a pie chart for the last seven days.

Top 10 Users. Displays the top 10 users by name and event count in a bar chart for the last seven days.

Resource Groups by Caller. Shows Resource Groups by caller in a stacked bar chart by name and count for the last seven days.

Events by User. Provides details on events per user in an area chart on a timeline for the last seven days.

Operations by User. Displays operations by user in a stacked column chart by name and count for the last seven days.