Question 11. You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016 and Linux. You need to use Azure Monitor to design an alerting strategy for security-related events. Which Azure Monitor Logs tables should you query? In the real exam, drag the appropriate tables to the correct log types. Each table may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. Each correct selection is worth one point. Select and Place:

To design an alerting strategy for security-related events in Azure Monitor, you should query the following Azure Monitor Logs tables:
1. SecurityEvent – This table contains security events and other system events that are generated by Windows operating systems. The table includes information about the event, such as the event ID, event source, and severity level.
2. Syslog – This table contains security-related events and other system events that are generated by Linux and other Unix-based operating systems. The table includes information about the event, such as the facility and severity level.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-syslog