Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.
Top 10 cloud audit operations
Get the top 10 most common cloud audit operations across all cloud platforms.
CloudAuditEvents
| summarize Count = count() by OperationName
| top 10 by Count
Cloud audit events from anonymous proxies
Cloud audit events originating from anonymous proxy IP addresses.
CloudAuditEvents
| where IsAnonymousProxy == true
| summarize Count = count() by IPAddress, CountryCode, City
| order by Count desc
| limit 100
Cloud resource deletion operations
Cloud audit events with delete action type, grouped by data source and operation.
CloudAuditEvents
| where ActionType == "Delete"
| summarize Count = count() by DataSource, OperationName
| order by Count desc