Azure Sentinel – Monitoring your Logic Apps Playbooks

News Informatique

Azure Sentinel – Monitoring your Logic Apps Playbooks

An Azure Logic App can be used in Azure Sentinel as a Playbook to be automatically invoked when an incident is created. You can use the Playbooks health monitoring workbook to monitor the health of your Playbooks, look for anomalies in the amount of succeeded or failed runs. At a glance, you can also view the execution time of a Logic App which helps you getting an estimate of the usage costs.

Configuration requirements

For Logic Apps data to be available in your workbook, you need to enable the diagnostic settings for all the Logic Apps you would like to monitor.

The Activity tab in the workbook is based on Activity logs, this needs to be configured to send the data to your Log Analytics workspace of choice.


Playbook monitoring Workbook2.gif

The following insights are provided:

  • Success and failure over time to detect anomalies
  • Failure percentage
  • Average run time
  • All failed Logic Apps and drill down capability to detect the error
  • Changes made and who performed them
  • Billable related information

The workbook is divided into 3 different tabs for easier navigation :

  • Overview
  • Activity
  • Billable Info


This tab will permit to have an overview on :

  • Success and failure over time
  • Failure percentage per Logic App
  • Logic Apps by status
    • Count for Failed/Succeeded runs
    • Logic Apps’ trigger
    • Logic Apps’ action


The Activity tab will permit to:

  • view different logic apps activities by user
  • view different API connection activities by user
  • view different logic apps activities by Logic App and see who performed the activities
Activity - 3.jpg

Billable Information

In this section, you can view billable information regarding your Logic Apps, and shows the total billable executions per subscription. The data is based on Logic Apps’ build-in metrics.



No Comments

Add your comment