This demo shows how to enable auditing and health monitoring for Microsoft Sentinel analytics rules, then use the resulting Log Analytics data to troubleshoot problems fast. It walks through turning the feature on from the Settings page (Auditing and health monitoring), optionally configuring diagnostic settings, and choosing where diagnostics data is sent (Log Analytics by default, with options like Storage, Event Hub, or partner solutions). From there, it tours the built-in Health and audit workbook under Analytics workbooks—using Overview, Health, and Audit tabs to visualize rule status, failures/warnings, and rule create/update/delete activity. Finally, it drops into Logs to show the two key tables—SentinelHealth (rule run status and error messages) and SentinelAudit (who changed what and when)—and demonstrates querying them to pinpoint when a specific rule broke and which edit likely caused it.
We produced this as a practical, follow-along troubleshooting walkthrough: we planned the story around the exact admin path (enable→visualize→query→diagnose), captured clean portal screens so every setting and table name is easy to read, and shaped the edit to highlight the “needle-moving” moments—where you confirm failures, correlate changes, and get to the fix without wandering. The result is a crisp demo that helps SecOps teams maintain rule reliability, spot regressions early, and keep Sentinel detections running with fewer surprises. Final delivery includes closed captions, audio description, and thumbnails.
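The last step of the walkthrough, correlating a rule's first failed run with the edits that preceded it, can be written as a single query. This is an added example, not taken from the demo itself: the rule name is a placeholder, the 14-day lookback is an arbitrary choice, and the column names (`SentinelResourceName`, `Status`, `Description`, `ExtendedProperties.CallerName`) are assumed from the documented schema of the two tables, so check them against your workspace.

```kusto
// Added example, not from the demo. Placeholder: the display name of the rule under investigation.
let ruleName = "<analytics rule name>";
// Assumption: 14 days is long enough to contain both the breaking edit and the first failure.
let lookback = 14d;
// Timestamp of the first run in the window that did not report Success.
let firstFailure = toscalar(
    SentinelHealth
    | where TimeGenerated > ago(lookback)
    | where SentinelResourceName == ruleName and Status != "Success"
    | summarize min(TimeGenerated));
// Health side: run status and error text from the first failure onward.
let healthRows =
    SentinelHealth
    | where TimeGenerated > ago(lookback)
    | where SentinelResourceName == ruleName and TimeGenerated >= firstFailure
    | project TimeGenerated, Source = "SentinelHealth", OperationName, Status,
              Detail = Description, Caller = "";
// Audit side: create/update/delete activity on the same rule up to the first failure.
let auditRows =
    SentinelAudit
    | where TimeGenerated > ago(lookback)
    | where SentinelResourceName == ruleName and TimeGenerated <= firstFailure
    | project TimeGenerated, Source = "SentinelAudit", OperationName, Status,
              Detail = Description, Caller = tostring(ExtendedProperties.CallerName);
// One timeline: the audit row closest above the first failing health row is the edit to review first.
union healthRows, auditRows
| sort by TimeGenerated asc
```

If the rule has no failed runs in the window, `firstFailure` is null and the query returns no rows; if the rule was renamed during the window, filter on `SentinelResourceId` instead of the name.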



