Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.levelblue.com/llms.txt

Use this file to discover all available pages before exploring further.

With a USM Anywhere Sensor deployed in your Microsoft Azure environment, referred to as the Azure Sensor, USM Anywhere can discover and collect logs in two different ways. An Azure Sensor is preconfigured to automatically discover and collect these types of Azure resource logs (previously referred to as diagnostic logs):
  • Azure Monitor (Insight)
  • Azure Security Alerts
  • Azure Internet Information Services (IIS) logs
  • Azure SQL Server logs
  • Azure Web Apps logs
  • Azure Windows logs
See Collect Azure Resource Logs for more information. Furthermore, if you stream data to Azure Event Hubs, you can connect an Azure Sensor to your event hub and collect the following logs:
  • Azure Active Directory (AD) logs, including audit logs and sign-in logs
  • Azure Monitor logs
  • Azure SQL Database logs
  • Microsoft Defender Advanced Threat Protection (ATP) logs
See Collect Logs from Azure Event Hubs for more information.
Important: Azure Diagnostics Extension was deprecated by Microsoft as of March 31, 2026. For that reason, you must redirect the logs collected by the Extension to the Events Hub stream.
To view other related training videos, click here.