- Learn Azure Sentinel
- Richard Diver, Gary Bushey, Jason S. Rader
- 207 words
- 2021-06-30 15:08:17
Chapter 2: Azure Monitor – Log Analytics
In this chapter, we will explore the Azure Monitor Log Analytics platform, which is used to store all the log data that will be analyzed by Azure Sentinel. This is the first component that needs to be designed and configured when implementing Azure Sentinel, and will require some ongoing maintenance to configure the data storage options and control the costs associated with the solution.
This chapter will also explain how to create a new workspace using the Azure portal, PowerShell, and the CLI. Once a workspace has been created, we will learn how to attach various resources to it so that information can be gathered, and we will explore the other navigation menu options.
By the end of this chapter, you will know how to set up a new workspace, connect to resources to gather data, enable Azure Sentinel for data analysis, and configure some of the advanced features to ensure security and cost management.
We will cover the following topics in this chapter:
- Introduction to Azure Monitor Log Analytics
- Planning a workspace
- Creating a workspace
- Managing permissions of the workspace
- Enabling Azure Sentinel
- Exploring the Azure Sentinel Overview page
- Connecting your first data source
- Advanced settings for Log Analytics