Microsoft Log Analytics
App Vendor: Microsoft
App Category: Analytics & SIEM
Connector Version: 1.0.0
API Version: 1.0.0
About App
The Microsoft Log Analytics app enables security analysts to collect and analyze data generated by resources in cloud and on-premises environments.
The Microsoft Log Analytics app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Execute Query | This action executes an analytics query. |
Get Saved Searches by Workspace | This action retrieves the list of saved searches for a workspace. |
Get Details of a Saved Search | This action retrieves the details of a specific saved search. |
Configuration Parameters
The following configuration parameters are required for the Microsoft Log Analytics connector app to communicate with the Microsoft Log Analytics enterprise application. The parameters are configured by creating instances of the connector app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Client ID | Enter the client ID. | Text | Required | |
Client Secret | Enter the client secret key. | Text | Required | |
Tenant ID | Enter the tenant ID. | Text | Required | |
Action: Execute Query
This action executes an analytics query.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Workspace ID | Enter the workspace ID. Example: "96e51621-d4bc-447b-92a0-631373304146" | Text | Required | |
Query | Enter the query text that you want to execute. Example: "Usage | take 10" | Text | Required | |
Workspaces | Enter the list of workspaces. Example: $LIST["azurepoc-workspace"] | List | Required | |
Timespan | Enter the timespan in ISO8601 format. Example: "PT12H" | Text | Optional | This timespan is applied in addition to the timespan that is specified in the query expression. |
Example Request
```json
[
  {
    "query": "Usage | take 10",
    "workspaces": [ "azurepoc-workspace" ],
    "workspace_id": "96e51621-d4bc-447b-92a0-631373304146",
    "timespan": "PT12H"
  }
]
```
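A pre-flight check for the request shape above, added here as an example and not part of the connector: it verifies that each item carries the required fields, that `workspace_id` is a GUID, that `workspaces` is a non-empty list, and that an optional `timespan` is an ISO 8601 duration, so a malformed playbook input fails before it is sent. The function name and the validation rules are assumptions; the connector itself does not expose them.

```python
import re
from typing import Any, Dict, List

# Hypothetical helper: validates an Execute Query request before it is
# handed to the Microsoft Log Analytics connector instance.

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")
# ISO 8601 duration such as "PT12H", "P1D" or "P1DT6H30M"; at least one
# component is required, and a bare "P" or "PT" is rejected.
ISO8601_DURATION_RE = re.compile(
    r"^P(?!$)(?:\d+Y)?(?:\d+M)?(?:\d+W)?(?:\d+D)?"
    r"(?:T(?=\d)(?:\d+H)?(?:\d+M)?(?:\d+(?:\.\d+)?S)?)?$"
)
REQUIRED = ("workspace_id", "query", "workspaces")


def validate_execute_query_request(request: List[Dict[str, Any]]) -> List[str]:
    """Return the problems found; an empty list means the request is well-formed."""
    errors: List[str] = []
    if not isinstance(request, list) or not request:
        return ["request must be a non-empty list of action items"]
    for i, item in enumerate(request):
        where = f"item {i}"
        if not isinstance(item, dict):
            errors.append(f"{where}: must be an object")
            continue
        for key in REQUIRED:
            if key not in item:
                errors.append(f"{where}: missing required field '{key}'")
        wid = item.get("workspace_id")
        if wid is not None and not (isinstance(wid, str) and GUID_RE.match(wid)):
            errors.append(f"{where}: workspace_id is not a GUID")
        query = item.get("query")
        if query is not None and (not isinstance(query, str) or not query.strip()):
            errors.append(f"{where}: query must be a non-empty string")
        workspaces = item.get("workspaces")
        if workspaces is not None and (
            not isinstance(workspaces, list)
            or not workspaces
            or not all(isinstance(w, str) and w for w in workspaces)
        ):
            errors.append(f"{where}: workspaces must be a non-empty list of names")
        timespan = item.get("timespan")
        if timespan is not None and not (
            isinstance(timespan, str) and ISO8601_DURATION_RE.match(timespan)
        ):
            errors.append(f"{where}: timespan '{timespan}' is not an ISO 8601 duration")
    return errors
```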
Action: Get Saved Searches by Workspace
This action retrieves the list of saved searches for a workspace.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Subscription ID | Enter the subscription ID. Example: "9677ae65-e240-48aa-b929-13d57393b8c9" | Text | Required | |
Resource Group Name | Enter the resource group name. Example: "azurepoc" | Text | Required | |
Workspace Name | Enter the workspace name. Example: "azurepoc-workspace" | Text | Required | |
API Version | Enter the API version. Example: "2020-08-01" | Text | Optional | Default value: "2020-08-01" |
Example Request
```json
[
  {
    "workspace_name": "azurepoc-workspace",
    "subscription_id": "9677ae65-e240-48aa-b929-13d57393b8c9",
    "resource_group_name": "azurepoc",
    "api_version": "2020-08-01"
  }
]
```
Action: Get Details of a Saved Search
This action retrieves the details of a specific saved search.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Subscription ID | Enter the subscription ID. Example: "9677ae65-e240-48aa-b929-13d57393b8c9" | Text | Required | |
Resource Group Name | Enter the resource group name. Example: "azurepoc" | Text | Required | |
Workspace Name | Enter the workspace name. Example: "azurepoc-workspace" | Text | Required | |
Saved Search ID | Enter the saved search ID. Example: "e8342b97-1dad-4626-b4e7-ffd5e553527c" | Text | Required | |
API Version | Enter the API version. Example: "2020-08-01" | Text | Optional | Default value: "2020-08-01" |
Example Request
```json
[
  {
    "workspace_name": "azurepoc-workspace",
    "saved_search_id": "e8342b97-1dad-4626-b4e7-ffd5e553527c",
    "subscription_id": "9677ae65-e240-48aa-b929-13d57393b8c9",
    "resource_group_name": "azurepoc",
    "api_version": "2020-08-01"
  }
]
```