Add Azure Sentinel audit log export and split into sub-pages #18432

Merged
hlynnj merged 5 commits into master from lynn/audit-logs-azure-sentinel
Apr 9, 2026

@hlynnj
Contributor

@hlynnj hlynnj commented Apr 8, 2026

Summary

  • Splits the audit logs doc into sub-pages: _index.md (overview, manual export, formats, events), aws-s3.md (AWS S3 export), and azure-sentinel.md (new Azure Sentinel export)
  • AWS S3 instructions are extracted as-is from the original page
  • Azure Sentinel instructions are new, based on the sentinel-audit-log-connector template README
  • The main audit logs page now has a stub "Automated Export" section linking to each provider sub-page

Test

  • Preview locally and make sure the pages look right and existing content hasn't been changed. New automated export section looks like this:
Screenshot 2026-04-08 at 12 01 21 PM

Split the audit logs page into sub-pages per provider (AWS S3, Azure
Sentinel) to reduce crowding and make room for future export targets.
The main audit-logs page keeps overview, manual export, formats, and
event list. AWS S3 instructions are extracted as-is. Azure Sentinel
instructions are new, based on the sentinel-audit-log-connector template.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@claude

This comment was marked as resolved.

@pulumi-bot
Collaborator

pulumi-bot commented Apr 8, 2026

- Fix menu parent/identifier so sub-pages nest under Audit Logs
- Add alt text to all images in aws-s3.md
- Use "select" instead of "click", "navigate to" instead of "go to"
- Fix "eg:" to "e.g.,", "arn" to "ARN", add missing article
- Rename "Azure Sentinel" to "Microsoft Sentinel" in titles and menu
- Use sentence case for headings ("Setup option" not "Setup Option")

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use the actual template displayName from Pulumi.yaml:
"Pulumi Audit Log Export to Azure Sentinel"

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Apply review nits: sentence-case H2/H3/H4 headings in _index.md, add
alt text to the existing screenshot, hyphenate "three-dot menu", and
use backticks for the audit log filepath example.
Contributor

@CamSoper CamSoper left a comment

Looks great, Lynn! Nice job structuring the new Sentinel page — clear prereqs, two setup paths, schema reference, sample queries, teardown, and known limitations. Splitting into sub-pages is the right call and gives us a good template for future "export to X" pages.

I pushed a small follow-up commit cleaning up sentence-case headings in _index.md (carried over from the original page), an alt attribute on the existing audit-logs screenshot, a hyphen in "three-dot menu", and a backtick fix on 'Pulumi-audit-logs'. All cosmetic — feel free to revert if you'd rather keep the diff focused.

One thing worth a quick sanity check before merge: the KQL examples use lowercase hyphenated event names (stack-deleted, member-added, etc.), while _index.md lists them in Title Case ("Stack Deleted", "Member Added"). The KQL form is presumably what the connector emits into Event_s — just want to make sure the sample queries return rows for users who run them.

- Console flow links directly to prefilled New Project Wizard
- CLI flow uses pulumi/examples repo instead of sentinel-audit-log-connector
- Add enableAnalyticRules to config table, remove apiUrl

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@hlynnj
Contributor Author

hlynnj commented Apr 9, 2026

confirmed the lowercase event names are what gets stored in the audit logs table!

@hlynnj hlynnj merged commit 876b4b7 into master Apr 9, 2026
7 checks passed
@hlynnj hlynnj deleted the lynn/audit-logs-azure-sentinel branch April 9, 2026 19:35