Azure Cognitive Search connector for Microsoft Sentinel

Azure Cognitive Search is a cloud search service that gives developers infrastructure, APIs, and tools for building a rich search experience over private, heterogeneous content in web, mobile, and enterprise applications. This connector lets you stream your Azure Cognitive Search diagnostics logs into Microsoft Sentinel, allowing you to continuously monitor activity.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute Description
Log Analytics table(s) AzureDiagnostics (Cognitive Search)
Data collection rules support Not currently supported
Supported by Microsoft Corporation

Query samples

All logs

AzureDiagnostics 

| where ResourceProvider == "MICROSOFT.SEARCH" 

Count By Cognitive Search

AzureDiagnostics 

| where ResourceProvider == "MICROSOFT.SEARCH" 

| summarize count() by Resource

Prerequisites

To integrate with Azure Cognitive Search make sure you have:

  • Policy: owner role assigned for each policy assignment scope

Vendor installation instructions

Connect your Azure Cognitive Search diagnostics logs into Sentinel.

This connector uses Azure Policy to apply a single Azure Cognitive Search log-streaming configuration to a collection of instances, defined as a scope. Follow the instructions below to create and apply a policy to all current and future instances. Note, you may already have an active policy for this resource type.