Streaming for Auditing is now in Public Preview

Rogan Ferguson

Auditing for Azure DevOps enables organization administrators to monitor and react to changes throughout their organizations. Today we are excited to announce that streaming for auditing is now available for all organizations as a public preview! Streaming allows audit data to be sent automatically to other locations for further processing. Sending auditing data to Security Incident and Event Management (SIEM) tools opens up exciting new possibilities such as alerting on specific events, creating powerful views on top of auditing data, and performing automated anomaly detection. It also allows you to store more than the 90-days’ worth of auditing data that Azure DevOps keeps.

The following stream targets are available to be configured:

Splunk – Connect to on-premises or cloud-based Splunk.

Azure Monitor Log – Send auditing logs to Azure Monitor Logs. Logs stored in Azure Monitor Logs can be queried and have alerts configured. You can also connect Azure Sentinel to your workspace.

Azure Event Grid – For scenarios where you want your auditing logs to be sent somewhere else, whether inside or outside of Azure, you can set up an Azure Event Grid connection.

Streaming can be found under Organization Settings if you are a Project Collection Administrator or have the Manage audit streams permission. For more information, see our documentation.

We’d love to hear your feedback as we continue to move towards making this feature generally available! You can share your thoughts directly with the product team using @AzureDevOps, Developer Community, or by commenting on this post.