
Auto-categorization of Microsoft Azure service messages

The tables below list the patterns used to detect the message type. The Provider, Service, and Category pattern values are used to route each message to the proper Devo table.

Each message stored in an EventHub service is generated by one data Provider and one Service, and it also has a Category field. Together, these three values determine the message type.

Over time, the auto-categorization patterns have been improved and expanded across collector versions. The tables below contain the pattern values released in each version.

Collector versions not mentioned here contain changes unrelated to event mapping for the auto-categorization functionality.

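| Provider | Service | Category | Devo table | Since version |
|---|---|---|---|---|
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-audit | cloud.azure.aks.kube_audit | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-audit-admin | cloud.azure.aks.kube_audit_admin | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-controller-manager | cloud.azure.aks.kube_controller_manager | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-scheduler | cloud.azure.aks.kube_scheduler | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | cluster-autoscaler | cloud.azure.aks.cluster_autoscaler | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | guard | cloud.azure.aks.guard | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | Policy | cloud.azure.aks.policy | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | Administrative | cloud.azure.aks.administrative | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | ApplicationGatewayAccessLog | cloud.azure.appgateway.access_log | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | ApplicationGatewayFirewallLog | cloud.azure.appgateway.firewall_log | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | Policy | cloud.azure.appgateway.policy | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | Administrative | cloud.azure.appgateway.administrative | 1.0.16 |
| Microsoft.Network | AZUREFIREWALLS | AzureFirewallApplicationRule | cloud.azure.firewall.application_rule | 1.0.16 |
| Microsoft.Network | AZUREFIREWALLS | AzureFirewallNetworkRule | cloud.azure.firewall.network_rule | 1.0.16 |
| Microsoft.Network | AZUREFIREWALLS | AzureFirewallDnsProxy | cloud.azure.firewall.dns_proxy | 1.0.16 |
| Microsoft.Network | FRONTDOORS | FrontdoorAccessLog | cloud.azure.frontdoor.access | 1.0.24 |
| Microsoft.Network | FRONTDOORS | FrontdoorWebApplicationFirewallLog | cloud.azure.frontdoor.waf | 1.0.24 |
| Microsoft.Network | NETWORKSECURITYGROUPS | NetworkSecurityGroupEvent | cloud.azure.virtualnetwork.net_sec_group_event | 1.0.25 |
| Microsoft.Network | NETWORKSECURITYGROUPS | NetworkSecurityGroupRuleCounter | cloud.azure.virtualnetwork.net_sec_group_rule_counter | 1.0.25 |
| Microsoft.Network | VIRTUALNETWORKGATEWAYS | IKEDiagnosticLog | cloud.azure.vngateways.ikediagnos | 1.0.25 |
| Microsoft.Storage | STORAGEACCOUNTS | Administrative | cloud.azure.storage.administrative | 1.0.16 |
| Microsoft.Storage | STORAGEACCOUNTS | ResourceHealth | cloud.azure.storage.resourcehealth | 1.0.16 |
| Microsoft.Web | SITES | Administrative | cloud.azure.appservice.calculated_category | 1.0.16 |
| Microsoft.Web | SITES | Policy | cloud.azure.appservice.policy | 1.0.16 |
| Microsoft.ContainerRegistry | REGISTRIES | ContainerRegistryLoginEvents | cloud.azure.contregistry.login | 1.0.16 |
| Microsoft.DBforPostgreSQL | SERVERS | PostgreSQLLogs | cloud.azure.postgresql.events | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | Administrative | cloud.azure.vm.administrative | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | ResourceHealth | cloud.azure.vm.resourcehealth | |
| Microsoft.Compute | VIRTUALMACHINES | Policy | cloud.azure.vm.policy | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | Recommendation | cloud.azure.vm.recommendation | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | SecurityEvent | cloud.azure.vm.securityevent | 1.3.0 |
| Microsoft.Compute | VIRTUALMACHINES | Syslog | cloud.azure.vm.unix | 1.3.0 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | Administrative | cloud.azure.vmscalesets.administrative | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | ResourceHealth | cloud.azure.vmscalesets.resourcehealth | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | Policy | cloud.azure.vmscalesets.policy | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | Autoscale | cloud.azure.vmscalesets.autoscale | 1.0.16 |
| Microsoft.DataFactory | FACTORIES | Administrative | cloud.azure.datafactory.administrative | 1.0.16 |
| Microsoft.Insights | ACTIVITYLOGALERTS | Alert | cloud.azure.monitor.alert | 1.0.16 |
| Microsoft.Security | LOCATIONS | Security | cloud.azure.securitycenter.security | 1.0.16 |
| Microsoft.KeyVault | VAULTS | AuditEvent | cloud.azure.keyvault.audit | 1.0.16 |
| Microsoft.KeyVault | VAULTS | Administrative | cloud.azure.keyvault.administrative | 1.0.16 |
| Microsoft.KeyVault | VAULTS | Policy | cloud.azure.keyvault.policy | 1.0.16 |
| Microsoft.KeyVault | VAULTS | AzurePolicyEvaluationDetails | cloud.azure.keyvault.policy_evaluation_details | 1.2.0 |
| Microsoft.aadiam | <empty> | SignInLogs | cloud.azure.ad.signin | 1.0.16 |
| Microsoft.aadiam | <empty> | AuditLogs | cloud.azure.ad.audit | 1.0.16 |
| Microsoft.aadiam | <empty> | NonInteractiveUserSignInLogs | cloud.azure.ad.noninteractive_user_signin | 1.0.24 |
| Microsoft.aadiam | <empty> | ServicePrincipalSignInLogs | cloud.azure.ad.service_principal_signin | 1.0.17 |
| Microsoft.aadiam | <empty> | ProvisioningLogs | cloud.azure.ad.provisioning | 1.0.17 |
| Microsoft.aadiam | <empty> | ManagedIdentitySignInLogs | cloud.azure.ad.managed_identity_signin | 1.0.24 |
| Microsoft.aadiam | <empty> | UserRiskEvents | cloud.azure.ad.user_risk_events | 1.2.0 |
| Microsoft.aadiam | <empty> | RiskyUsers | cloud.azure.ad.risky_users | 1.2.0 |
| Microsoft.aadiam | <empty> | ServicePrincipalRiskEvents | cloud.azure.ad.service_principal_risk_events | 1.2.0 |
| Microsoft.aadiam | <empty> | RiskyServicePrincipals | cloud.azure.ad.risky_service_principals | 1.2.0 |
| Microsoft.aadiam | <empty> | MicrosoftGraphActivityLogs | cloud.azure.ad.microsoft_graph_activity_logs | 2.0.0 |
| Microsoft.OperationalInsights | WORKSPACES | Audit | cloud.azure.monitor.audit | 1.0.17 |
| MICROSOFT.SQL | SERVERS | AutomaticTuning | cloud.azure.sql.automatic_tuning | 1.0.24 |
| MICROSOFT.SQL | SERVERS | QueryStoreRuntimeStatistics | cloud.azure.sql.query_store_runtime | 1.0.24 |
| MICROSOFT.SQL | MANAGEDINSTANCES | resourceusagestats | cloud.azure.sql.resourceusagestats | 1.0.69 |
| MICROSOFT.SQL | MANAGEDINSTANCES | sqlsecurityauditevents | cloud.azure.sql.securityauditevents | 1.0.69 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupJobs | cloud.azure.siterecovery.addon_backup_jobs | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupPolicy | cloud.azure.siterecovery.addon_backup_policy | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupProtectedInstance | cloud.azure.siterecovery.addon_backup_protected_inst | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupStorage | cloud.azure.siterecovery.addon_backup_storage | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureBackupReport | cloud.azure.siterecovery.backup_report | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureSiteRecoveryRecoveryPoints | cloud.azure.siterecovery.site_rec_recovery_points | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureSiteRecoveryReplicatedItems | cloud.azure.siterecovery.site_rec_replicated_items | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureSiteRecoveryReplicationStats | cloud.azure.siterecovery.site_rec_rep_stats | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | CoreAzureBackup | cloud.azure.siterecovery.core_backup | 1.0.25 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | agenthealthstatus | cloud.azure.hostpools.agenthealthstatus | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | connection | cloud.azure.hostpools.connection | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | checkpoint | cloud.azure.hostpools.checkpoint | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | error | cloud.azure.hostpools.error | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | management | cloud.azure.hostpools.management | 1.0.69 |
| MICROSOFT.SERVICEBUS | <empty> | <empty> | cloud.azure.servicebus.metrics | 1.2.0 |
| MICROSOFT.SERVICEBUS | <empty> | OperationalLogs | cloud.azure.servicebus.operational | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | ControlPlaneRequests | cloud.azure.cosmosdb.control_plane_requests | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | DataPlaneRequests | cloud.azure.cosmosdb.data_plane_requests | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | MongoRequests | cloud.azure.cosmosdb.mongo_requests | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | PartitionKeyRUConsumption | cloud.azure.cosmosdb.partition_key_ru_consumption | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | PartitionKeyStatistics | cloud.azure.cosmosdb.partitionkey_statistics | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | QueryRuntimeStatistics | cloud.azure.cosmosdb.query_runtime_statistics | 1.2.0 |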

If none of the previous patterns are matched, the following ones will be applied:

| Provider | Service | Category | Devo table |
|---|---|---|---|
| * | * | Administrative | cloud.azure.others.administrative |
| * | * | Autoscale | cloud.azure.others.autoscale |
| * | * | Policy | cloud.azure.others.policy |
| * | * | Recommendation | cloud.azure.others.recommendation |
| * | * | ResourceHealth | cloud.azure.others.resourcehealth |

The basic type detection will be applied for other values:

| Message type | Devo table |
|---|---|
| event | cloud.azure.others.events |
| metric | cloud.azure.eh.metrics |

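| Provider | Service | Category | Devo table | Since version |
|---|---|---|---|---|
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-audit | cloud.azure.aks.kube_audit | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-audit-admin | cloud.azure.aks.kube_audit_admin | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-controller-manager | cloud.azure.aks.kube_controller_manager | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-scheduler | cloud.azure.aks.kube_scheduler | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | cluster-autoscaler | cloud.azure.aks.cluster_autoscaler | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | guard | cloud.azure.aks.guard | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | Policy | cloud.azure.aks.policy | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | Administrative | cloud.azure.aks.administrative | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | ApplicationGatewayAccessLog | cloud.azure.appgateway.access_log | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | ApplicationGatewayFirewallLog | cloud.azure.appgateway.firewall_log | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | Policy | cloud.azure.appgateway.policy | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | Administrative | cloud.azure.appgateway.administrative | 1.0.16 |
| Microsoft.Network | AZUREFIREWALLS | AzureFirewallApplicationRule | cloud.azure.firewall.application_rule | 1.0.16 |
| Microsoft.Network | AZUREFIREWALLS | AzureFirewallNetworkRule | cloud.azure.firewall.network_rule | 1.0.16 |
| Microsoft.Network | AZUREFIREWALLS | AzureFirewallDnsProxy | cloud.azure.firewall.dns_proxy | 1.0.16 |
| Microsoft.Network | FRONTDOORS | FrontdoorAccessLog | cloud.azure.frontdoor.access | 1.0.24 |
| Microsoft.Network | FRONTDOORS | FrontdoorWebApplicationFirewallLog | cloud.azure.frontdoor.waf | 1.0.24 |
| Microsoft.Network | NETWORKSECURITYGROUPS | NetworkSecurityGroupEvent | cloud.azure.virtualnetwork.net_sec_group_event | 1.0.25 |
| Microsoft.Network | NETWORKSECURITYGROUPS | NetworkSecurityGroupRuleCounter | cloud.azure.virtualnetwork.net_sec_group_rule_counter | 1.0.25 |
| Microsoft.Network | VIRTUALNETWORKGATEWAYS | IKEDiagnosticLog | cloud.azure.vngateways.ikediagnos | 1.0.25 |
| Microsoft.Storage | STORAGEACCOUNTS | Administrative | cloud.azure.storage.administrative | 1.0.16 |
| Microsoft.Storage | STORAGEACCOUNTS | ResourceHealth | cloud.azure.storage.resourcehealth | 1.0.16 |
| Microsoft.Web | SITES | Administrative | cloud.azure.appservice.calculated_category | 1.0.16 |
| Microsoft.Web | SITES | Policy | cloud.azure.appservice.policy | 1.0.16 |
| Microsoft.ContainerRegistry | REGISTRIES | ContainerRegistryLoginEvents | cloud.azure.contregistry.login | 1.0.16 |
| Microsoft.DBforPostgreSQL | SERVERS | PostgreSQLLogs | cloud.azure.postgresql.events | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | Administrative | cloud.azure.vm.administrative | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | ResourceHealth | cloud.azure.vm.resourcehealth | |
| Microsoft.Compute | VIRTUALMACHINES | Policy | cloud.azure.vm.policy | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | Recommendation | cloud.azure.vm.recommendation | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | SecurityEvent | cloud.azure.vm.securityevent | 1.3.0 |
| Microsoft.Compute | VIRTUALMACHINES | Syslog | cloud.azure.vm.unix | 1.3.0 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | Administrative | cloud.azure.vmscalesets.administrative | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | ResourceHealth | cloud.azure.vmscalesets.resourcehealth | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | Policy | cloud.azure.vmscalesets.policy | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | Autoscale | cloud.azure.vmscalesets.autoscale | 1.0.16 |
| Microsoft.DataFactory | FACTORIES | Administrative | cloud.azure.datafactory.administrative | 1.0.16 |
| Microsoft.Insights | ACTIVITYLOGALERTS | Alert | cloud.azure.monitor.alert | 1.0.16 |
| Microsoft.Security | LOCATIONS | Security | cloud.azure.securitycenter.security | 1.0.16 |
| Microsoft.KeyVault | VAULTS | AuditEvent | cloud.azure.keyvault.audit | 1.0.16 |
| Microsoft.KeyVault | VAULTS | Administrative | cloud.azure.keyvault.administrative | 1.0.16 |
| Microsoft.KeyVault | VAULTS | Policy | cloud.azure.keyvault.policy | 1.0.16 |
| Microsoft.KeyVault | VAULTS | AzurePolicyEvaluationDetails | cloud.azure.keyvault.policy_evaluation_details | 1.2.0 |
| Microsoft.aadiam | <empty> | SignInLogs | cloud.azure.ad.signin | 1.0.16 |
| Microsoft.aadiam | <empty> | AuditLogs | cloud.azure.ad.audit | 1.0.16 |
| Microsoft.aadiam | <empty> | NonInteractiveUserSignInLogs | cloud.azure.ad.noninteractive_user_signin | 1.0.24 |
| Microsoft.aadiam | <empty> | ServicePrincipalSignInLogs | cloud.azure.ad.service_principal_signin | 1.0.17 |
| Microsoft.aadiam | <empty> | ProvisioningLogs | cloud.azure.ad.provisioning | 1.0.17 |
| Microsoft.aadiam | <empty> | ManagedIdentitySignInLogs | cloud.azure.ad.managed_identity_signin | 1.0.24 |
| Microsoft.aadiam | <empty> | UserRiskEvents | cloud.azure.ad.user_risk_events | 1.2.0 |
| Microsoft.aadiam | <empty> | RiskyUsers | cloud.azure.ad.risky_users | 1.2.0 |
| Microsoft.aadiam | <empty> | ServicePrincipalRiskEvents | cloud.azure.ad.service_principal_risk_events | 1.2.0 |
| Microsoft.aadiam | <empty> | RiskyServicePrincipals | cloud.azure.ad.risky_service_principals | 1.2.0 |
| Microsoft.OperationalInsights | WORKSPACES | Audit | cloud.azure.monitor.audit | 1.0.17 |
| MICROSOFT.SQL | SERVERS | AutomaticTuning | cloud.azure.sql.automatic_tuning | 1.0.24 |
| MICROSOFT.SQL | SERVERS | QueryStoreRuntimeStatistics | cloud.azure.sql.query_store_runtime | 1.0.24 |
| MICROSOFT.SQL | MANAGEDINSTANCES | resourceusagestats | cloud.azure.sql.resourceusagestats | 1.0.69 |
| MICROSOFT.SQL | MANAGEDINSTANCES | sqlsecurityauditevents | cloud.azure.sql.securityauditevents | 1.0.69 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupJobs | cloud.azure.siterecovery.addon_backup_jobs | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupPolicy | cloud.azure.siterecovery.addon_backup_policy | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupProtectedInstance | cloud.azure.siterecovery.addon_backup_protected_inst | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupStorage | cloud.azure.siterecovery.addon_backup_storage | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureBackupReport | cloud.azure.siterecovery.backup_report | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureSiteRecoveryRecoveryPoints | cloud.azure.siterecovery.site_rec_recovery_points | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureSiteRecoveryReplicatedItems | cloud.azure.siterecovery.site_rec_replicated_items | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureSiteRecoveryReplicationStats | cloud.azure.siterecovery.site_rec_rep_stats | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | CoreAzureBackup | cloud.azure.siterecovery.core_backup | 1.0.25 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | agenthealthstatus | cloud.azure.hostpools.agenthealthstatus | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | connection | cloud.azure.hostpools.connection | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | checkpoint | cloud.azure.hostpools.checkpoint | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | error | cloud.azure.hostpools.error | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | management | cloud.azure.hostpools.management | 1.0.69 |
| MICROSOFT.SERVICEBUS | <empty> | <empty> | cloud.azure.servicebus.metrics | 1.2.0 |
| MICROSOFT.SERVICEBUS | <empty> | OperationalLogs | cloud.azure.servicebus.operational | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | ControlPlaneRequests | cloud.azure.cosmosdb.control_plane_requests | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | DataPlaneRequests | cloud.azure.cosmosdb.data_plane_requests | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | MongoRequests | cloud.azure.cosmosdb.mongo_requests | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | PartitionKeyRUConsumption | cloud.azure.cosmosdb.partition_key_ru_consumption | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | PartitionKeyStatistics | cloud.azure.cosmosdb.partitionkey_statistics | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | QueryRuntimeStatistics | cloud.azure.cosmosdb.query_runtime_statistics | 1.2.0 |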

If none of the previous patterns are matched, the following ones will be applied:

| Provider | Service | Category | Devo table |
|---|---|---|---|
| * | * | Administrative | cloud.azure.others.administrative |
| * | * | Autoscale | cloud.azure.others.autoscale |
| * | * | Policy | cloud.azure.others.policy |
| * | * | Recommendation | cloud.azure.others.recommendation |
| * | * | ResourceHealth | cloud.azure.others.resourcehealth |

The basic type detection will be applied for other values:

| Message type | Devo table |
|---|---|
| event | cloud.azure.others.events |
| metric | cloud.azure.eh.metrics |

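| Provider | Service | Category | Devo table | Since version |
|---|---|---|---|---|
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-audit | cloud.azure.aks.kube_audit | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-audit-admin | cloud.azure.aks.kube_audit_admin | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-controller-manager | cloud.azure.aks.kube_controller_manager | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-scheduler | cloud.azure.aks.kube_scheduler | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | cluster-autoscaler | cloud.azure.aks.cluster_autoscaler | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | guard | cloud.azure.aks.guard | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | Policy | cloud.azure.aks.policy | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | Administrative | cloud.azure.aks.administrative | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | ApplicationGatewayAccessLog | cloud.azure.appgateway.access_log | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | ApplicationGatewayFirewallLog | cloud.azure.appgateway.firewall_log | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | Policy | cloud.azure.appgateway.policy | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | Administrative | cloud.azure.appgateway.administrative | 1.0.16 |
| Microsoft.Network | AZUREFIREWALLS | AzureFirewallApplicationRule | cloud.azure.firewall.application_rule | 1.0.16 |
| Microsoft.Network | AZUREFIREWALLS | AzureFirewallNetworkRule | cloud.azure.firewall.network_rule | 1.0.16 |
| Microsoft.Network | AZUREFIREWALLS | AzureFirewallDnsProxy | cloud.azure.firewall.dns_proxy | 1.0.16 |
| Microsoft.Network | FRONTDOORS | FrontdoorAccessLog | cloud.azure.frontdoor.access | 1.0.24 |
| Microsoft.Network | FRONTDOORS | FrontdoorWebApplicationFirewallLog | cloud.azure.frontdoor.waf | 1.0.24 |
| Microsoft.Network | NETWORKSECURITYGROUPS | NetworkSecurityGroupEvent | cloud.azure.virtualnetwork.net_sec_group_event | 1.0.25 |
| Microsoft.Network | NETWORKSECURITYGROUPS | NetworkSecurityGroupRuleCounter | cloud.azure.virtualnetwork.net_sec_group_rule_counter | 1.0.25 |
| Microsoft.Network | VIRTUALNETWORKGATEWAYS | IKEDiagnosticLog | cloud.azure.vngateways.ikediagnos | 1.0.25 |
| Microsoft.Storage | STORAGEACCOUNTS | Administrative | cloud.azure.storage.administrative | 1.0.16 |
| Microsoft.Storage | STORAGEACCOUNTS | ResourceHealth | cloud.azure.storage.resourcehealth | 1.0.16 |
| Microsoft.Web | SITES | Administrative | cloud.azure.appservice.calculated_category | 1.0.16 |
| Microsoft.Web | SITES | Policy | cloud.azure.appservice.policy | 1.0.16 |
| Microsoft.ContainerRegistry | REGISTRIES | ContainerRegistryLoginEvents | cloud.azure.contregistry.login | 1.0.16 |
| Microsoft.DBforPostgreSQL | SERVERS | PostgreSQLLogs | cloud.azure.postgresql.events | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | Administrative | cloud.azure.vm.administrative | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | ResourceHealth | cloud.azure.vm.resourcehealth | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | Policy | cloud.azure.vm.policy | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | Recommendation | cloud.azure.vm.recommendation | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | Administrative | cloud.azure.vmscalesets.administrative | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | ResourceHealth | cloud.azure.vmscalesets.resourcehealth | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | Policy | cloud.azure.vmscalesets.policy | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | Autoscale | cloud.azure.vmscalesets.autoscale | 1.0.16 |
| Microsoft.DataFactory | FACTORIES | Administrative | cloud.azure.datafactory.administrative | 1.0.16 |
| Microsoft.Insights | ACTIVITYLOGALERTS | Alert | cloud.azure.monitor.alert | 1.0.16 |
| Microsoft.Security | LOCATIONS | Security | cloud.azure.securitycenter.security | 1.0.16 |
| Microsoft.KeyVault | VAULTS | AuditEvent | cloud.azure.keyvault.audit | 1.0.16 |
| Microsoft.KeyVault | VAULTS | Administrative | cloud.azure.keyvault.administrative | 1.0.16 |
| Microsoft.KeyVault | VAULTS | Policy | cloud.azure.keyvault.policy | 1.0.16 |
| Microsoft.KeyVault | VAULTS | AzurePolicyEvaluationDetails | cloud.azure.keyvault.policy_evaluation_details | 1.2.0 |
| Microsoft.aadiam | <empty> | SignInLogs | cloud.azure.ad.signin | 1.0.16 |
| Microsoft.aadiam | <empty> | AuditLogs | cloud.azure.ad.audit | 1.0.16 |
| Microsoft.aadiam | <empty> | NonInteractiveUserSignInLogs | cloud.azure.ad.noninteractive_user_signin | 1.0.24 |
| Microsoft.aadiam | <empty> | ServicePrincipalSignInLogs | cloud.azure.ad.service_principal_signin | 1.0.17 |
| Microsoft.aadiam | <empty> | ProvisioningLogs | cloud.azure.ad.provisioning | 1.0.17 |
| Microsoft.aadiam | <empty> | ManagedIdentitySignInLogs | cloud.azure.ad.managed_identity_signin | 1.0.24 |
| Microsoft.aadiam | <empty> | UserRiskEvents | cloud.azure.ad.user_risk_events | 1.2.0 |
| Microsoft.aadiam | <empty> | RiskyUsers | cloud.azure.ad.risky_users | 1.2.0 |
| Microsoft.aadiam | <empty> | ServicePrincipalRiskEvents | cloud.azure.ad.service_principal_risk_events | 1.2.0 |
| Microsoft.aadiam | <empty> | RiskyServicePrincipals | cloud.azure.ad.risky_service_principals | 1.2.0 |
| Microsoft.OperationalInsights | WORKSPACES | Audit | cloud.azure.monitor.audit | 1.0.17 |
| MICROSOFT.SQL | SERVERS | AutomaticTuning | cloud.azure.sql.automatic_tuning | 1.0.24 |
| MICROSOFT.SQL | SERVERS | QueryStoreRuntimeStatistics | cloud.azure.sql.query_store_runtime | 1.0.24 |
| MICROSOFT.SQL | MANAGEDINSTANCES | resourceusagestats | cloud.azure.sql.resourceusagestats | 1.0.69 |
| MICROSOFT.SQL | MANAGEDINSTANCES | sqlsecurityauditevents | cloud.azure.sql.securityauditevents | 1.0.69 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupJobs | cloud.azure.siterecovery.addon_backup_jobs | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupPolicy | cloud.azure.siterecovery.addon_backup_policy | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupProtectedInstance | cloud.azure.siterecovery.addon_backup_protected_inst | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupStorage | cloud.azure.siterecovery.addon_backup_storage | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureBackupReport | cloud.azure.siterecovery.backup_report | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureSiteRecoveryRecoveryPoints | cloud.azure.siterecovery.site_rec_recovery_points | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureSiteRecoveryReplicatedItems | cloud.azure.siterecovery.site_rec_replicated_items | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureSiteRecoveryReplicationStats | cloud.azure.siterecovery.site_rec_rep_stats | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | CoreAzureBackup | cloud.azure.siterecovery.core_backup | 1.0.25 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | agenthealthstatus | cloud.azure.hostpools.agenthealthstatus | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | connection | cloud.azure.hostpools.connection | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | checkpoint | cloud.azure.hostpools.checkpoint | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | error | cloud.azure.hostpools.error | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | management | cloud.azure.hostpools.management | 1.0.69 |
| MICROSOFT.SERVICEBUS | <empty> | <empty> | cloud.azure.servicebus.metrics | 1.2.0 |
| MICROSOFT.SERVICEBUS | <empty> | OperationalLogs | cloud.azure.servicebus.operational | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | ControlPlaneRequests | cloud.azure.cosmosdb.control_plane_requests | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | DataPlaneRequests | cloud.azure.cosmosdb.data_plane_requests | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | MongoRequests | cloud.azure.cosmosdb.mongo_requests | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | PartitionKeyRUConsumption | cloud.azure.cosmosdb.partition_key_ru_consumption | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | PartitionKeyStatistics | cloud.azure.cosmosdb.partitionkey_statistics | 1.2.0 |
| MICROSOFT.DOCUMENTDB | <empty> | QueryRuntimeStatistics | cloud.azure.cosmosdb.query_runtime_statistics | 1.2.0 |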

If none of the previous patterns are matched, the following ones will be applied:

| Provider | Service | Category | Devo table |
|---|---|---|---|
| * | * | Administrative | cloud.azure.others.administrative |
| * | * | Autoscale | cloud.azure.others.autoscale |
| * | * | Policy | cloud.azure.others.policy |
| * | * | Recommendation | cloud.azure.others.recommendation |
| * | * | ResourceHealth | cloud.azure.others.resourcehealth |

The basic type detection will be applied for other values:

| Message type | Devo table |
|---|---|
| event | cloud.azure.others.events |
| metric | cloud.azure.eh.metrics |

 

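| Provider | Service | Category | Devo table | Since version |
|---|---|---|---|---|
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-audit | cloud.azure.aks.kube_audit | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-audit-admin | cloud.azure.aks.kube_audit_admin | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-controller-manager | cloud.azure.aks.kube_controller_manager | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-scheduler | cloud.azure.aks.kube_scheduler | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | cluster-autoscaler | cloud.azure.aks.cluster_autoscaler | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | guard | cloud.azure.aks.guard | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | Policy | cloud.azure.aks.policy | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | Administrative | cloud.azure.aks.administrative | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | ApplicationGatewayAccessLog | cloud.azure.appgateway.access_log | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | ApplicationGatewayFirewallLog | cloud.azure.appgateway.firewall_log | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | Policy | cloud.azure.appgateway.policy | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | Administrative | cloud.azure.appgateway.administrative | 1.0.16 |
| Microsoft.Network | AZUREFIREWALLS | AzureFirewallApplicationRule | cloud.azure.firewall.application_rule | 1.0.16 |
| Microsoft.Network | AZUREFIREWALLS | AzureFirewallNetworkRule | cloud.azure.firewall.network_rule | 1.0.16 |
| Microsoft.Network | AZUREFIREWALLS | AzureFirewallDnsProxy | cloud.azure.firewall.dns_proxy | 1.0.16 |
| Microsoft.Network | FRONTDOORS | FrontdoorAccessLog | cloud.azure.frontdoor.access | 1.0.24 |
| Microsoft.Network | FRONTDOORS | FrontdoorWebApplicationFirewallLog | cloud.azure.frontdoor.waf | 1.0.24 |
| Microsoft.Network | NETWORKSECURITYGROUPS | NetworkSecurityGroupEvent | cloud.azure.virtualnetwork.net_sec_group_event | 1.0.25 |
| Microsoft.Network | NETWORKSECURITYGROUPS | NetworkSecurityGroupRuleCounter | cloud.azure.virtualnetwork.net_sec_group_rule_counter | 1.0.25 |
| Microsoft.Network | VIRTUALNETWORKGATEWAYS | IKEDiagnosticLog | cloud.azure.vngateways.ikediagnos | 1.0.25 |
| Microsoft.Storage | STORAGEACCOUNTS | Administrative | cloud.azure.storage.administrative | 1.0.16 |
| Microsoft.Storage | STORAGEACCOUNTS | ResourceHealth | cloud.azure.storage.resourcehealth | 1.0.16 |
| Microsoft.Web | SITES | Administrative | cloud.azure.appservice.calculated_category | 1.0.16 |
| Microsoft.Web | SITES | Policy | cloud.azure.appservice.policy | 1.0.16 |
| Microsoft.ContainerRegistry | REGISTRIES | ContainerRegistryLoginEvents | cloud.azure.contregistry.login | 1.0.16 |
| Microsoft.DBforPostgreSQL | SERVERS | PostgreSQLLogs | cloud.azure.postgresql.events | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | Administrative | cloud.azure.vm.administrative | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | ResourceHealth | cloud.azure.vm.resourcehealth | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | Policy | cloud.azure.vm.policy | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | Recommendation | cloud.azure.vm.recommendation | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | Administrative | cloud.azure.vmscalesets.administrative | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | ResourceHealth | cloud.azure.vmscalesets.resourcehealth | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | Policy | cloud.azure.vmscalesets.policy | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | Autoscale | cloud.azure.vmscalesets.autoscale | 1.0.16 |
| Microsoft.DataFactory | FACTORIES | Administrative | cloud.azure.datafactory.administrative | 1.0.16 |
| Microsoft.Insights | ACTIVITYLOGALERTS | Alert | cloud.azure.monitor.alert | 1.0.16 |
| Microsoft.Security | LOCATIONS | Security | cloud.azure.securitycenter.security | 1.0.16 |
| Microsoft.KeyVault | VAULTS | AuditEvent | cloud.azure.keyvault.audit | 1.0.16 |
| Microsoft.KeyVault | VAULTS | Administrative | cloud.azure.keyvault.administrative | 1.0.16 |
| Microsoft.KeyVault | VAULTS | Policy | cloud.azure.keyvault.policy | 1.0.16 |
| Microsoft.aadiam | <empty> | SignInLogs | cloud.azure.ad.signin | 1.0.16 |
| Microsoft.aadiam | <empty> | AuditLogs | cloud.azure.ad.audit | 1.0.16 |
| Microsoft.aadiam | <empty> | NonInteractiveUserSignInLogs | cloud.azure.ad.noninteractive_user_signin | 1.0.24 |
| Microsoft.aadiam | <empty> | ServicePrincipalSignInLogs | cloud.azure.ad.service_principal_signin | 1.0.17 |
| Microsoft.aadiam | <empty> | ProvisioningLogs | cloud.azure.ad.provisioning | 1.0.17 |
| Microsoft.aadiam | <empty> | ManagedIdentitySignInLogs | cloud.azure.ad.managed_identity_signin | 1.0.24 |
| Microsoft.OperationalInsights | WORKSPACES | Audit | cloud.azure.monitor.audit | 1.0.17 |
| MICROSOFT.SQL | SERVERS | AutomaticTuning | cloud.azure.sql.automatic_tuning | 1.0.24 |
| MICROSOFT.SQL | SERVERS | QueryStoreRuntimeStatistics | cloud.azure.sql.query_store_runtime | 1.0.24 |
| MICROSOFT.SQL | MANAGEDINSTANCES | resourceusagestats | cloud.azure.sql.resourceusagestats | 1.0.69 |
| MICROSOFT.SQL | MANAGEDINSTANCES | sqlsecurityauditevents | cloud.azure.sql.securityauditevents | 1.0.69 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupJobs | cloud.azure.siterecovery.addon_backup_jobs | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupPolicy | cloud.azure.siterecovery.addon_backup_policy | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupProtectedInstance | cloud.azure.siterecovery.addon_backup_protected_inst | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupStorage | cloud.azure.siterecovery.addon_backup_storage | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureBackupReport | cloud.azure.siterecovery.backup_report | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureSiteRecoveryRecoveryPoints | cloud.azure.siterecovery.site_rec_recovery_points | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureSiteRecoveryReplicatedItems | cloud.azure.siterecovery.site_rec_replicated_items | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureSiteRecoveryReplicationStats | cloud.azure.siterecovery.site_rec_rep_stats | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | CoreAzureBackup | cloud.azure.siterecovery.core_backup | 1.0.25 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | agenthealthstatus | cloud.azure.hostpools.agenthealthstatus | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | connection | cloud.azure.hostpools.connection | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | checkpoint | cloud.azure.hostpools.checkpoint | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | error | cloud.azure.hostpools.error | 1.0.69 |
| MICROSOFT.DESKTOPVIRTUALIZATION | HOSTPOOLS | management | cloud.azure.hostpools.management | 1.0.69 |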

If none of the previous patterns are matched, the following ones will be applied:

| Provider | Service | Category | Devo table |
|---|---|---|---|
| * | * | Administrative | cloud.azure.others.administrative |
| * | * | Autoscale | cloud.azure.others.autoscale |
| * | * | Policy | cloud.azure.others.policy |
| * | * | Recommendation | cloud.azure.others.recommendation |
| * | * | ResourceHealth | cloud.azure.others.resourcehealth |

The basic type detection will be applied for other values:

| Message type | Devo table |
|---|---|
| event | cloud.azure.others.events |
| metric | cloud.azure.eh.metrics |

 

| Provider | Service | Category | Devo table | Since version |
|---|---|---|---|---|
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-audit | cloud.azure.aks.kube_audit | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-audit-admin | cloud.azure.aks.kube_audit_admin | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-controller-manager | cloud.azure.aks.kube_controller_manager | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | kube-scheduler | cloud.azure.aks.kube_scheduler | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | cluster-autoscaler | cloud.azure.aks.cluster_autoscaler | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | guard | cloud.azure.aks.guard | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | Policy | cloud.azure.aks.policy | 1.0.16 |
| Microsoft.ContainerService | MANAGEDCLUSTERS | Administrative | cloud.azure.aks.administrative | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | ApplicationGatewayAccessLog | cloud.azure.appgateway.access_log | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | ApplicationGatewayFirewallLog | cloud.azure.appgateway.firewall_log | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | Policy | cloud.azure.appgateway.policy | 1.0.16 |
| Microsoft.Network | APPLICATIONGATEWAYS | Administrative | cloud.azure.appgateway.administrative | 1.0.16 |
| Microsoft.Network | AZUREFIREWALLS | AzureFirewallApplicationRule | cloud.azure.firewall.application_rule | 1.0.16 |
| Microsoft.Network | AZUREFIREWALLS | AzureFirewallNetworkRule | cloud.azure.firewall.network_rule | 1.0.16 |
| Microsoft.Network | AZUREFIREWALLS | AzureFirewallDnsProxy | cloud.azure.firewall.dns_proxy | 1.0.16 |
| Microsoft.Network | FRONTDOORS | FrontdoorAccessLog | cloud.azure.frontdoor.access | 1.0.24 |
| Microsoft.Network | FRONTDOORS | FrontdoorWebApplicationFirewallLog | cloud.azure.frontdoor.waf | 1.0.24 |
| Microsoft.Network | NETWORKSECURITYGROUPS | NetworkSecurityGroupEvent | cloud.azure.virtualnetwork.net_sec_group_event | 1.0.25 |
| Microsoft.Network | NETWORKSECURITYGROUPS | NetworkSecurityGroupRuleCounter | cloud.azure.virtualnetwork.net_sec_group_rule_counter | 1.0.25 |
| Microsoft.Network | VIRTUALNETWORKGATEWAYS | IKEDiagnosticLog | cloud.azure.vngateways.ikediagnos | 1.0.25 |
| Microsoft.Storage | STORAGEACCOUNTS | Administrative | cloud.azure.storage.administrative | 1.0.16 |
| Microsoft.Storage | STORAGEACCOUNTS | ResourceHealth | cloud.azure.storage.resourcehealth | 1.0.16 |
| Microsoft.Web | SITES | Administrative | cloud.azure.appservice.calculated_category | 1.0.16 |
| Microsoft.Web | SITES | Policy | cloud.azure.appservice.policy | 1.0.16 |
| Microsoft.ContainerRegistry | REGISTRIES | ContainerRegistryLoginEvents | cloud.azure.contregistry.login | 1.0.16 |
| Microsoft.DBforPostgreSQL | SERVERS | PostgreSQLLogs | cloud.azure.postgresql.events | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | Administrative | cloud.azure.vm.administrative | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | ResourceHealth | cloud.azure.vm.resourcehealth | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | Policy | cloud.azure.vm.policy | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINES | Recommendation | cloud.azure.vm.recommendation | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | Administrative | cloud.azure.vmscalesets.administrative | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | ResourceHealth | cloud.azure.vmscalesets.resourcehealth | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | Policy | cloud.azure.vmscalesets.policy | 1.0.16 |
| Microsoft.Compute | VIRTUALMACHINESCALESETS | Autoscale | cloud.azure.vmscalesets.autoscale | 1.0.16 |
| Microsoft.DataFactory | FACTORIES | Administrative | cloud.azure.datafactory.administrative | 1.0.16 |
| Microsoft.Insights | ACTIVITYLOGALERTS | Alert | cloud.azure.monitor.alert | 1.0.16 |
| Microsoft.Security | LOCATIONS | Security | cloud.azure.securitycenter.security | 1.0.16 |
| Microsoft.KeyVault | VAULTS | AuditEvent | cloud.azure.keyvault.audit | 1.0.16 |
| Microsoft.KeyVault | VAULTS | Administrative | cloud.azure.keyvault.administrative | 1.0.16 |
| Microsoft.KeyVault | VAULTS | Policy | cloud.azure.keyvault.policy | 1.0.16 |
| Microsoft.aadiam | <empty> | SignInLogs | cloud.azure.ad.signin | 1.0.16 |
| Microsoft.aadiam | <empty> | AuditLogs | cloud.azure.ad.audit | 1.0.16 |
| Microsoft.aadiam | <empty> | NonInteractiveUserSignInLogs | cloud.azure.ad.noninteractive_user_signin | 1.0.24 |
| Microsoft.aadiam | <empty> | ServicePrincipalSignInLogs | cloud.azure.ad.service_principal_signin | 1.0.17 |
| Microsoft.aadiam | <empty> | ProvisioningLogs | cloud.azure.ad.provisioning | 1.0.17 |
| Microsoft.aadiam | <empty> | ManagedIdentitySignInLogs | cloud.azure.ad.managed_identity_signin | 1.0.24 |
| Microsoft.OperationalInsights | WORKSPACES | Audit | cloud.azure.monitor.audit | 1.0.17 |
| MICROSOFT.SQL | SERVERS | AutomaticTuning | cloud.azure.sql.automatic_tuning | 1.0.24 |
| MICROSOFT.SQL | SERVERS | QueryStoreRuntimeStatistics | cloud.azure.sql.query_store_runtime | 1.0.24 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupJobs | cloud.azure.siterecovery.addon_backup_jobs | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupPolicy | cloud.azure.siterecovery.addon_backup_policy | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupProtectedInstance | cloud.azure.siterecovery.addon_backup_protected_inst | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AddonAzureBackupStorage | cloud.azure.siterecovery.addon_backup_storage | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureBackupReport | cloud.azure.siterecovery.backup_report | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureSiteRecoveryRecoveryPoints | cloud.azure.siterecovery.site_rec_recovery_points | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureSiteRecoveryReplicatedItems | cloud.azure.siterecovery.site_rec_replicated_items | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | AzureSiteRecoveryReplicationStats | cloud.azure.siterecovery.site_rec_rep_stats | 1.0.25 |
| MICROSOFT.RECOVERYSERVICES | VAULTS | CoreAzureBackup | cloud.azure.siterecovery.core_backup | 1.0.25 |

If none of the previous patterns are matched, the following ones will be applied:

| Provider | Service | Category | Devo table |
|---|---|---|---|
| * | * | Administrative | cloud.azure.others.administrative |
| * | * | Autoscale | cloud.azure.others.autoscale |
| * | * | Policy | cloud.azure.others.policy |
| * | * | Recommendation | cloud.azure.others.recommendation |
| * | * | ResourceHealth | cloud.azure.others.resourcehealth |

The basic type detection will be applied for other values:

| Message type | Devo table |
|---|---|
| event | cloud.azure.others.events |
| metric | cloud.azure.eh.metrics |
