Resource Group: DefaultResourceGroup-eastus2
Overview
The resource group DefaultResourceGroup-eastus2 primarily hosts an Azure Log Analytics workspace designed for monitoring and analyzing logs from various sources. This workspace is established in the eastus2 region, facilitating log management across Azure services and enabling performance monitoring, alerting, and diagnostics for applications and infrastructure.
Resources
1. Log Analytics Workspace
- Type: Microsoft.OperationalInsights/workspaces
- Name: DefaultWorkspace-eastus2
- Location: eastus2
- Properties:
  - SKU: PerGB2018
  - Retention: 30 days
  - Public Network Access for Ingestion: Enabled
  - Public Network Access for Query: Enabled
  - Workspace capping: No daily quota
- Relationships: This workspace is the central resource for logging and monitoring. All the saved searches, tables, and resource links originate from this workspace.
2. Saved Searches
The workspace features multiple saved searches which facilitate tailored querying across various log types. Each saved search correlates to specific log management categories such as General Exploration and Log Management. Examples include:
- All Computers: Shows all monitored computers with their recent data.
- Data Points per Management Group: Analyzes which management groups generate the most data points.
- Stale Computers: Identifies computers with data older than 24 hours.
These saved searches provide powerful insights into the data captured in the Log Analytics workspace.
3. Tables
The workspace includes a range of tables, all with a retention period of 30 days, capturing detailed logs from various Azure services, applications, and configurations. For instance: AACAudit, AADUserRiskEvents, SynapseIntegrationPipelineRuns, and many others provide actionable insights into different services and applications.
4. Additional Resources
A multitude of additional log tables has been created under Log Analytics, such as:
- Audit Logs: Tracks changes and access across Azure resources.
- Heartbeat: Monitors availability and responsiveness of resources.
- Syslog: Centralizes logs from Linux-based systems.
- Performance Metrics: Ranges from application availability metrics to detailed telemetry on resource usage.
Data Storage
Data generated from logs, queries, and analytics is primarily stored within the Log Analytics workspace (DefaultWorkspace-eastus2). Data retention settings are configured to ensure compliance with storage policies. The stored data can also be queried to derive insights or troubleshoot issues across Azure services.
Networking
- Public Access: The workspace is accessible over public networks for data ingestion and querying, indicating that it may be exposed to external access.
- No Specific Virtual Network Configuration Included: The template does not define any Virtual Networks or Subnets. If the workspace interacts with resources that should not be exposed publicly, such as databases or sensitive services, it is critical to implement network security groups or other controls to restrict access.
Security Overview
- Public Network Access Enabled: This presents a potential security risk as data ingestion and querying over the public internet could expose sensitive data.
  - Recommendation: It’s advisable to limit access to trusted services or to implement Private Link for Azure services to create private endpoints and ensure that traffic does not traverse the public internet.
- Retention Policy: The logs and analyses from this workspace are retained for 30 days, which provides a window for review and analysis. However, compliance requirements may necessitate longer retention.
  - Recommendation: Evaluate retention needs based on legal or business requirements and adjust the policy accordingly.
- Role-Based Access Control (RBAC): Ensuring that proper access controls are in place for managing who can view or interact with this analytics data is critical.
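The settings flagged in this section can be checked mechanically against an exported ARM template. The Python below is an added example, not part of the generated document or the Azure Assistants script; the template fragment is constructed from the values listed on this page, and the 90-day minimum retention is a hypothetical policy value.

```python
import json

# Constructed ARM template fragment mirroring the values documented on this page.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {
      "type": "Microsoft.OperationalInsights/workspaces",
      "name": "DefaultWorkspace-eastus2",
      "location": "eastus2",
      "properties": {
        "sku": {"name": "PerGB2018"},
        "retentionInDays": 30,
        "publicNetworkAccessForIngestion": "Enabled",
        "publicNetworkAccessForQuery": "Enabled",
        "workspaceCapping": {"dailyQuotaGb": -1}
      }
    }
  ]
}
""")

WORKSPACE_TYPE = "Microsoft.OperationalInsights/workspaces"


def audit_workspaces(template, min_retention_days=90):
    """Return (workspace, finding) tuples; min_retention_days is a hypothetical policy value."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != WORKSPACE_TYPE.lower():
            continue
        name, props = res.get("name", "<unnamed>"), res.get("properties", {})
        for key in ("publicNetworkAccessForIngestion", "publicNetworkAccessForQuery"):
            # Assumption: an omitted value is treated as Enabled, so absence is flagged too.
            if str(props.get(key, "Enabled")).lower() != "disabled":
                findings.append((name, f"{key} is not Disabled"))
        retention = props.get("retentionInDays")
        if retention is None or retention < min_retention_days:
            findings.append((name, f"retentionInDays={retention} < {min_retention_days}"))
        # dailyQuotaGb of -1 (or no capping block) means no daily ingestion cap.
        if props.get("workspaceCapping", {}).get("dailyQuotaGb", -1) < 0:
            findings.append((name, "no daily ingestion cap"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_workspaces(SAMPLE_TEMPLATE):
        print(f"{name}: {finding}")
```

Run against the sample, it reports both public network access settings, the 30-day retention, and the missing daily cap for DefaultWorkspace-eastus2.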
Other Information
- Cost Management: Monitor the volume of data ingested into the workspace as higher amounts can lead to increased costs based on the PerGB pricing model. Set up alerts to manage costs effectively.
- Scalability: This resource group is designed to scale with the organization's needs as it collects logs from a variety of services. As the organization grows, consider implementing more advanced features in Azure Monitor or integrating with other services.
- Operational Insights: Leveraging the saved searches and log tables provides deep insights into performance and security issues across services. Consider regular reviews of the saved searches to align with evolving operational and security monitoring needs.
Overall, this reference document serves as a comprehensive guide for understanding the resources within the DefaultResourceGroup-eastus2 Azure Resource Group, detailing configurations, security considerations, and operational best practices pertinent for efficient management and monitoring.
Note: This document was generated using the Azure Assistants script and an LLM