AlienVault® USM Anywhere™

Azure Log Discovery and Collection in USM Anywhere

With a USM Anywhere Sensor deployed in your Microsoft Azure environment (referred to as the Azure Sensor), USM Anywhere can discover and collect logs in two different ways.

An Azure Sensor is preconfigured to automatically discover and collect these types of Azure resource logs (previously referred to as diagnostic logs):

  • Azure Monitor (Insight)
  • Azure Security Alerts
  • Azure Internet Information Services (IIS) logs
  • Azure SQL Server logs
  • Azure Web Apps logs
  • Azure Windows logs

See Collect Azure Resource Logs for details.

Furthermore, if you stream data to Azure Event Hubs, you can connect an Azure Sensor to your event hub and collect the following logs:

  • Azure Active Directory (AD) logs, including audit logs and sign-in logs
  • Azure Monitor logs
  • Azure SQL Database logs
  • Microsoft Defender Advanced Threat Protection (ATP) logs

See Collect Logs from Azure Event Hubs for details.