Page Comparison

...

Info
The collector versions not mentioned here are having changes not related to event mapping for auto-categorization functionality.

Expand

title	Version 2.02.0

Provider	Service	Category	Devo table	Since version
`Microsoft.ContainerService`	`MANAGEDCLUSTERS`	`kube-audit`	`cloud.azure.aks.kube_audit`	1.0.16
		`kube-audit-admin`	`cloud.azure.aks.kube_audit_admin`	1.0.16
		`kube-controller-manager`	`cloud.azure.aks.kube_controller_manager`	1.0.16
		`kube-scheduler`	`cloud.azure.aks.kube_scheduler`	1.0.16
		`cluster-autoscaler`	`cloud.azure.aks.cluster_autoscaler`	1.0.16
		`guard`	`cloud.azure.aks.guard`	1.0.16
		`Policy`	`cloud.azure.aks.policy`	1.0.16
		`Administrative`	`cloud.azure.aks.administrative`	1.0.16
`Microsoft.Network`	`APPLICATIONGATEWAYS`	`ApplicationGatewayAccessLog`	`cloud.azure.appgateway.access_log`	1.0.16
		`ApplicationGatewayFirewallLog`	`cloud.azure.appgateway.firewall_log`	1.0.16
		`Policy`	`cloud.azure.appgateway.policy`	1.0.16
		`Administrative`	`cloud.azure.appgateway.administrative`	1.0.16
	`AZUREFIREWALLS`	`AzureFirewallApplicationRule`	`cloud.azure.firewall.application_rule`	1.0.16
		`AzureFirewallNetworkRule`	`cloud.azure.firewall.network_rule`	1.0.16
		`AzureFirewallDnsProxy`	`cloud.azure.firewall.dns_proxy`	1.0.16
	`FRONTDOORS`	`FrontdoorAccessLog`	`cloud.azure.frontdoor.access`	1.0.24
	`FRONTDOORS`	`FrontdoorWebApplicationFirewallLog`	`cloud.azure.frontdoor.waf`	1.0.24
	`NETWORKSECURITYGROUPS`	`NetworkSecurityGroupEvent`	`cloud.azure.virtualnetwork.net_sec_group_event`	1.0.25
	`NETWORKSECURITYGROUPS`	`NetworkSecurityGroupRuleCounter`	`cloud.azure.virtualnetwork.net_sec_group_rule_counter`	1.0.25
	`VIRTUALNETWORKGATEWAYS`	`IKEDiagnosticLog`	`cloud.azure.vngateways.ikediagnos`	1.0.25
`Microsoft.Storage`	`STORAGEACCOUNTS`	`Administrative`	`cloud.azure.storage.administrative`	1.0.16
`Microsoft.Storage`	`STORAGEACCOUNTS`	`ResourceHealth`	`cloud.azure.storage.resourcehealth`	1.0.16
`Microsoft.Web`	`SITES`	`Administrative`	`cloud.azure.appservice.calculated_category`	1.0.16
`Microsoft.Web`	`SITES`	`Policy`	`cloud.azure.appservice.policy`	1.0.16
`Microsoft.ContainerRegistry`	`REGISTRIES`	`ContainerRegistryLoginEvents`	`cloud.azure.contregistry.login`	1.0.16
`Microsoft.DBforPostgreSQL`	`SERVERS`	`PostgreSQLLogs`	`cloud.azure.postgresql.events`	1.0.16
`Microsoft.Compute`	`VIRTUALMACHINES`	`Administrative`	`cloud.azure.vm.administrative`	1.0.16
		`ResourceHealth`	`cloud.azure.vm.resourcehealth`
		`Policy`	`cloud.azure.vm.policy`	1.0.16
		`Recommendation`	`cloud.azure.vm.recommendation`	1.0.16
		`SecurityEvent`	`cloud.azure.vm.securityevent`	1.3.0
		`Syslog`	`cloud.azure.vm.unix`	1.3.0
	`VIRTUALMACHINESCALESETS`	`Administrative`	`cloud.azure.vmscalesets.administrative`	1.0.16
		`ResourceHealth`	`cloud.azure.vmscalesets.resourcehealth`	1.0.16
		`Policy`	`cloud.azure.vmscalesets.policy`	1.0.16
		`Autoscale`	`cloud.azure.vmscalesets.autoscale`	1.0.16
`Microsoft.DataFactory`	`FACTORIES`	`Administrative`	`cloud.azure.datafactory.administrative`	1.0.16
`Microsoft.Insights`	`ACTIVITYLOGALERTS`	`Alert`	`cloud.azure.monitor.alert`	1.0.16
`Microsoft.Security`	`LOCATIONS`	`Security`	`cloud.azure.securitycenter.security`	1.0.16
`Microsoft.KeyVault`	`VAULTS`	`AuditEvent`	`cloud.azure.keyvault.audit`	1.0.16
		`Administrative`	`cloud.azure.keyvault.administrative`	1.0.16
		`Policy`	`cloud.azure.keyvault.policy`	1.0.16
		`AzurePolicyEvaluationDetails`	`cloud.azure.keyvault.policy_evaluation_details`	1.2.0
`Microsoft.aadiam`	<empty>	`SignInLogs`	`cloud.azure.ad.signin`	1.0.16
		`AuditLogs`	`cloud.azure.ad.audit`	1.0.16
		`NonInteractiveUserSignInLogs`	`cloud.azure.ad.noninteractive_user_signin`	1.0.24
		`ServicePrincipalSignInLogs`	`cloud.azure.ad.service_principal_signin`	1.0.17
		`ProvisioningLogs`	`cloud.azure.ad.provisioning`	1.0.17
		`ManagedIdentitySignInLogs`	`cloud.azure.ad.managed_identity_signin`	1.0.24
		`UserRiskEvents`	`cloud.azure.ad.user_risk_events`	1.2.0
		`RiskyUsers`	`cloud.azure.ad.risky_users`	1.2.0
		`ServicePrincipalRiskEvents`	`cloud.azure.ad.service_principal_risk_events`	1.2.0
		`RiskyServicePrincipals`	`cloud.azure.ad.risky_service_principals`	1.2.0
		`MicrosoftGraphActivityLogs`	`cloud.azure.ad.microsoft_graph_activity_logs`	2.0.0
`Microsoft.OperationalInsights`	`WORKSPACES`	`Audit`	`cloud.azure.monitor.audit`	1.0.17
`MICROSOFT.SQL`	`SERVERS`	`AutomaticTuning`	`cloud.azure.sql.automatic_tuning`	1.0.24
	`SERVERS`	`QueryStoreRuntimeStatistics`	`cloud.azure.sql.query_store_runtime`	1.0.24
	`MANAGEDINSTANCES`	`resourceusagestats`	`cloud.azure.sql.resourceusagestats`	1.0.69
	`MANAGEDINSTANCES`	`sqlsecurityauditevents`	`cloud.azure.sql.securityauditevents`	1.0.69
`MICROSOFT.RECOVERYSERVICES`	`VAULTS`	`AddonAzureBackupJobs`	`cloud.azure.siterecovery.addon_backup_jobs`	1.0.25
		`AddonAzureBackupPolicy`	`cloud.azure.siterecovery.addon_backup_policy`	1.0.25
		`AddonAzureBackupProtectedInstance`	`cloud.azure.siterecovery.addon_backup_protected_inst`	1.0.25
		`AddonAzureBackupStorage`	`cloud.azure.siterecovery.addon_backup_storage`	1.0.25
		`AzureBackupReport`	`cloud.azure.siterecovery.backup_report`	1.0.25
		`AzureSiteRecoveryRecoveryPoints`	`cloud.azure.siterecovery.site_rec_recovery_points`	1.0.25
		`AzureSiteRecoveryReplicatedItems`	`cloud.azure.siterecovery.site_rec_replicated_items`	1.0.25
		`AzureSiteRecoveryReplicationStats`	`cloud.azure.siterecovery.site_rec_rep_stats`	1.0.25
		`CoreAzureBackup`	`cloud.azure.siterecovery.core_backup`	1.0.25
`MICROSOFT.DESKTOPVIRTUALIZATION`	`HOSTPOOLS`	`agenthealthstatus`	`cloud.azure.hostpools.agenthealthstatus`	1.0.69
		`connection`	`cloud.azure.hostpools.connection`	1.0.69
		`checkpoint`	`cloud.azure.hostpools.checkpoint`	1.0.69
		`error`	`cloud.azure.hostpools.error`	1.0.69
		`management`	`cloud.azure.hostpools.management`	1.0.69
`MICROSOFT.SERVICEBUS`	<empty>	<empty>	`cloud.azure.servicebus.metrics`	1.2.0
`MICROSOFT.SERVICEBUS`	<empty>	`OperationalLogs`	`cloud.azure.servicebus.operational`	1.2.0
`MICROSOFT.DOCUMENTDB`	<empty>	`ControlPlaneRequests`	`cloud.azure.cosmosdb.control_plane_requests`	1.2.0
		`DataPlaneRequests`	`cloud.azure.cosmosdb.data_plane_requests`	1.2.0
		`MongoRequests`	`cloud.azure.cosmosdb.mongo_requests`	1.2.0
		`PartitionKeyRUConsumption`	`cloud.azure.cosmosdb.partition_key_ru_consumption`	1.2.0
		`PartitionKeyStatistics`	`cloud.azure.cosmosdb.partitionkey_statistics`	1.2.0
		`QueryRuntimeStatistics`	`cloud.azure.cosmosdb.query_runtime_statistics`	1.2.0
`Microsoft Intune`	<empty>	`AuditLogs`	`cloud.azure.intune.audit`	2.2.0
		`DeviceComplianceOrg`	`cloud.azure.intune.device_compliance`	2.2.0
		`Devices`	`cloud.azure.intune.devices`	2.2.0
		`OperationLogs`	`cloud.azure.intune.operation`	2.2.0

If none of the previous patterns are matched, the following ones will be applied:

Provider	Service	Category	Devo table
`*`	`*`	`Administrative`	`cloud.azure.others.administrative`
		`Autoscale`	`cloud.azure.others.autoscale`
		`Policy`	`cloud.azure.others.policy`
		`Recommendation`	`cloud.azure.others.recommendation`
		`ResourceHealth`	`cloud.azure.others.resourcehealth`

The basic type detection will be applied for other values:

Message type	Devo table
`event`	`cloud.azure.others.events`
`metric`	`cloud.azure.eh.metrics`

...

Versions Compared

Old Version 2

New Version Current

Key