Query Details

SQL Server Audit Logs

Query

//Azure SQL Server Audit Logs
//Requires Azure SQL Server auditing enabled: https://azurecloudai.blog/2020/10/29/how-to-send-azure-sql-server-audit-logs-to-azure-sentinel/

AzureDiagnostics 
| where TimeGenerated > ago(24h) 
| where Category == "SQLSecurityAuditEvents"

Explanation

This query returns Azure SQL Server audit records from the past 24 hours by filtering the AzureDiagnostics table to the SQLSecurityAuditEvents category.

Details

Rod Trent

Released: October 29, 2020

Tables

AzureDiagnostics

Keywords

AzureDiagnostics,TimeGenerated,Category,SQLSecurityAuditEvents

Operators

|,project,summarize,count,distinct,where,ago,==
