azure-monitor-audit
Install command
npx skills add https://github.com/bagelhole/devops-security-agent-skills --skill azure-monitor-audit
Skill documentation
Azure Monitor Audit
Audit Azure activity with Monitor and Activity Logs.
Diagnostic Settings
# Enable diagnostic settings
az monitor diagnostic-settings create \
  --name audit-logs \
  --resource /subscriptions/{sub}/resourceGroups/{rg}/providers/... \
  --logs '[{"category":"AuditEvent","enabled":true}]' \
  --workspace /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.OperationalInsights/workspaces/{workspace}
Activity Log Export
# Export activity log to Log Analytics
az monitor diagnostic-settings subscription create \
  --name activity-log-export \
  --location global \
  --logs '[{"category":"Administrative","enabled":true},{"category":"Security","enabled":true}]' \
  --workspace /subscriptions/.../workspaces/audit-workspace
Log Analytics Queries
// Failed login attempts
// Sign-in events, including the IPAddress column, are stored in SigninLogs; ResultType "0" means success
SigninLogs
| where TimeGenerated > ago(24h)
| where ResultType != "0"
| project TimeGenerated, Identity, ResultDescription, IPAddress

// Administrative changes (write and delete operations from the activity log)
AzureActivity
| where CategoryValue == "Administrative"
| where OperationNameValue contains "write" or OperationNameValue contains "delete"
| project TimeGenerated, Caller, OperationNameValue, ResourceGroup
Best Practices
- Centralize to Log Analytics
- Long-term archive to Storage
- Configure alerts
- Regular query reviews
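
An added example, not part of the skill's own documentation: a Python check that reads the JSON printed by `az monitor diagnostic-settings list --resource <id> -o json` and reports where a resource misses the first two best practices above (a Log Analytics destination and a storage archive, each with the required log categories enabled). The sample input is constructed, and the function names and the assumed output shape (a plain array of settings with `workspaceId`, `storageAccountId` and `logs`) are assumptions.

```python
import json

# Constructed sample, shaped like the array assumed from
# `az monitor diagnostic-settings list --resource <id> -o json`.
SAMPLE = json.loads("""
[
  {"name": "audit-logs",
   "workspaceId": "/subscriptions/SUB/resourceGroups/RG/providers/Microsoft.OperationalInsights/workspaces/WS",
   "storageAccountId": null,
   "logs": [{"category": "AuditEvent", "enabled": true}]},
  {"name": "legacy-archive",
   "workspaceId": null,
   "storageAccountId": "/subscriptions/SUB/resourceGroups/RG/providers/Microsoft.Storage/storageAccounts/ARCHIVE",
   "logs": [{"category": "AuditEvent", "enabled": false}]}
]
""")


def enabled_categories(setting):
    """Return the log categories one diagnostic setting actually enables.

    Entries that only name a categoryGroup are skipped (not expanded here).
    """
    return {entry["category"] for entry in setting.get("logs") or []
            if entry.get("enabled") and entry.get("category")}


def audit_settings(settings, required):
    """Return a list of findings; an empty list means the resource passes."""
    findings = []
    for label, key in (("Log Analytics workspace", "workspaceId"),
                       ("storage account", "storageAccountId")):
        # All settings on the resource that ship logs to this kind of destination.
        group = [s for s in settings if s.get(key)]
        if not group:
            findings.append(f"no setting sends logs to a {label}")
            continue
        covered = set().union(*(enabled_categories(s) for s in group))
        for category in sorted(set(required) - covered):
            findings.append(f"{category} is not enabled for the {label} destination")
    return findings


if __name__ == "__main__":
    for finding in audit_settings(SAMPLE, ["AuditEvent"]):
        print("FINDING:", finding)
```

A setting that exists but has its category set to `"enabled": false` is the case this catches: the destination looks configured while no audit events reach it.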