turbot/tailpipe-mod-azure-activity-log-detections

Dashboard: Activity Log Activity Dashboard

This dashboard answers the following questions:

  • How many Azure Activity Logs are recorded?
  • How many logs are generated per subscription?
  • How many logs are generated per resource group?
  • Who are the top actors initiating activities?
  • What are the top source IPs generating activity logs?
  • What are the top Azure services generating logs?
  • What are the top events recorded in the activity logs?
This dashboard contains 1 card.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/tailpipe-mod-azure-activity-log-detections

Start the Powerpipe server:

powerpipe server

Open http://localhost:9033 in your browser and select the Activity Log Activity Dashboard dashboard.

You could also snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe dashboard run azure_activity_log_detections.dashboard.activity_dashboard --share

Queries

This dashboard uses the following queries:
select
  caller as "Actor",
  count(*) as "Logs"
from
  azure_activity_log
where
  caller is not null
group by
  caller
order by
  count(*) desc
limit 10;
