共用方式為

AzureAttestationDiagnostics 資料表的查詢

如需在 Azure 入口網站 使用這些查詢的詳細資訊,請參閱Log Analytics教學課程。 如需 REST API,請參閱 查詢

是否有任何授權失敗?

授權失敗的證明提供者要求計數。

// To create an alert for this query, click '+ New alert rule'
AzureAttestationDiagnostics
| where toint(ResultSignature) == 403
| summarize count() by ResourceUri, ResultSignature, _ResourceId
// ResultSignature contains HTTP status code returned by the request, (e.g.  200, 300, 401, etc.)
// ResourceUri contains the URI of the request

是否有任何緩慢的要求?

時間花費超過 1 秒之證明提供者要求的清單。

// To create an alert for this query, click '+ New alert rule'
let threshold=1000; // let operator defines a constant that can be further used in the query
AzureAttestationDiagnostics
| where DurationMs > threshold
| summarize count() by OperationName, _ResourceId

此證明提供者有多活躍?

顯示證明提供者要求量趨勢的折線圖 (以一段時間內的每個作業為單位)。

AzureAttestationDiagnostics
| where TimeGenerated > ago(1d)
| summarize count() by bin(TimeGenerated, 1h), OperationName // Aggregate by hour
| render timechart

誰在呼叫這個證明提供者?

根據其 IP 位址和 AAD UPN 識別的來電者清單及其請求計數。

AzureAttestationDiagnostics
| summarize count() by CallerIpAddress, tostring(Identity.callerAadUPN)

證明原則是否有任何變更?

成功證明提供者要求的清單,用以變更證明原則或原則簽署憑證。

// To create an alert for this query, click '+ New alert rule'
let policyOperations = pack_array(
    "AddPolicyCertificate",
    "AddPolicyManagementCertificate",
    "AddPolicyManagementCertificates",
    "RemovePolicyCertificate",
    "RemovePolicyManagementCertificate",
    "RemovePolicyManagementCertificates",
    "ResetAttestationPolicy",
    "SetCurrentPolicy",
    "SetCurrentPolicyWithHttpMessagesAsync",
    "SetEffectiveAttestationPolicy",
    "DeleteCurrentPolicy",
    "DeletePolicy"
);
AzureAttestationDiagnostics
| where toint(ResultSignature) == 200
| where policyOperations contains OperationName
| take 100

是否在嘗試設定證明原則時遇到任何錯誤?

任何嘗試設定證明原則或原則簽署憑證的錯誤清單。

// To create an alert for this query, click '+ New alert rule'
let policyOperations = pack_array(
    "AddPolicyCertificate",
    "AddPolicyManagementCertificate",
    "AddPolicyManagementCertificates",
    "PrepareToSetPolicy",
    "PrepareToUpdatePolicy",
    "RemovePolicyCertificate",
    "RemovePolicyManagementCertificate",
    "RemovePolicyManagementCertificates",
    "ResetAttestationPolicy",
    "SetCurrentPolicy",
    "SetCurrentPolicyWithHttpMessagesAsync",
    "SetEffectiveAttestationPolicy",
    "DeleteCurrentPolicy",
    "DeletePolicy"
);
AzureAttestationDiagnostics
| where toint(ResultSignature) >= 300
| where policyOperations contains OperationName
| take 100
  • Last updated on