Azure Activity Logs
Azure Activity Logs provide a record of operations performed on Azure resources, offering insights into control plane actions such as resource creation, modification, and deletion. These logs include details like the user who initiated the action, the timestamp, and the result of the operation. Azure Activity Logs are crucial for auditing changes, monitoring resource management, and ensuring compliance with organizational governance and security policies.
Ingest Method
Azure activity logs can be ingested using either an Azure storage bucket or pushed to RunReveal using a webhook.
Azure storage buckets are inherently cheaper than using the webhook method but logs can be delayed by up to an hour. The webhook ingestion imports logs as soon as they are generated, but using an event hub can become more expensive if there are lots of logs.