Ingest Azure DevOps Audit logs
Currently in Azure DevOps the audit logs are retained for only 90 days. Additionally, searching through the audit logs requires a download of csv/json audit logs.
There needs to be functionality between Azure Workspace and Azure DevOps so that Audit logs at an Organization level can be ingested into a Workspace. Our corporate security has a requirement that audit logs be maintained far beyond 90 days. The only solution now is to cron a script to load audit data to some external data store. Why not extend the current capabilities of workspaces, monitoring and app insights to include ingesting Azure DevOps audit logs? This would support other security auditing needs going forward.

1 comment
Kamil Wiecek commented
Good idea. As we like searching logs inside the Log Analytics workspace using KQL, we decided to develop a simple workaround to have Azure DevOps audit logs there: https://automate.guru/azure-devops-audit-logs-forwarding/