Schemas for Microsoft cloud security logging can sometimes be difficult to navigate programmatically. Fortunately, Azure Log Analytics workspaces provide predefined table definitions for most (if not all) relevant security logs, enabling streamlined log ingestion. Leveraging the Azure Management API, I queried these tables and developed a lightweight frontend to make the JSON response easily searchable.
To run the container, use the pre-built image:

docker run -p 8080:80 null0x47/azure-tables:latest

Alternatively, you can use the provided docker-compose.yml file to build and run the image locally:

docker compose up

Once the container is running, the frontend will be accessible at: localhost:8080
The exported Azure Log Analytics table definitions are included in this repository as tables.json, located at the project root.
To generate your own export, a Python script is provided. It requires a Subscription ID, Resource Group and Workspace Name. The script uses DefaultAzureCredential for authentication, so a valid Azure CLI session is required.
Run the script using uv (or adjust for your environment):

uv sync && uv run main.py

If you prefer to interact with the Azure Management API directly, you can use the following curl command to retrieve the LAW table definitions:

curl -X GET \
-H "Authorization: Bearer <ACCESS_TOKEN>" \
-H "Content-Type: application/json" \
"https://management.azure.com/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.OperationalInsights/workspaces/<WORKSPACE_NAME>/tables?api-version=2025-07-01"

Make sure to replace the placeholders (<ACCESS_TOKEN>, <SUBSCRIPTION_ID>, <RESOURCE_GROUP> and <WORKSPACE_NAME>) with your actual values.
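
An added example, not part of this repository's code: searching the response of the call above (or an exported tables.json) for a column name across all tables, for instance to find every log table that carries an IP address field. The sample response is constructed, and its layout (value[].properties.schema with columns and standardColumns) is an assumption about what the API returns; the function names are hypothetical.

```python
import json

# Constructed sample shaped like the workspace tables list response
# (assumed layout: value[].properties.schema.{columns,standardColumns}).
SAMPLE_RESPONSE = json.loads("""
{
  "value": [
    {"name": "SigninLogs",
     "properties": {"schema": {"name": "SigninLogs",
       "standardColumns": [
         {"name": "TimeGenerated", "type": "datetime"},
         {"name": "UserPrincipalName", "type": "string"},
         {"name": "IPAddress", "type": "string"}]}}},
    {"name": "AuditLogs",
     "properties": {"schema": {"name": "AuditLogs",
       "standardColumns": [
         {"name": "TimeGenerated", "type": "datetime"},
         {"name": "InitiatedBy", "type": "dynamic"}]}}},
    {"name": "Custom_CL",
     "properties": {"schema": {"name": "Custom_CL",
       "columns": [{"name": "SrcIpAddr_s", "type": "string"}]}}}
  ]
}
""")


def index_columns(response):
    """Flatten the response into {table: {column: type}}, tolerating missing keys."""
    index = {}
    for table in response.get("value", []):
        schema = (table.get("properties") or {}).get("schema") or {}
        name = schema.get("name") or table.get("name")
        if not name:
            continue  # entry without any usable table name
        cols = (schema.get("standardColumns") or []) + (schema.get("columns") or [])
        index[name] = {c["name"]: c.get("type", "unknown") for c in cols if "name" in c}
    return index


def find_column(index, needle):
    """Case-insensitive substring search; returns sorted (table, column, type) hits."""
    needle = needle.lower()
    return sorted((t, c, ty) for t, cols in index.items()
                  for c, ty in cols.items() if needle in c.lower())


if __name__ == "__main__":
    for hit in find_column(index_columns(SAMPLE_RESPONSE), "ipaddr"):
        print(*hit, sep="\t")
```

To run it against a real export, replace SAMPLE_RESPONSE with the parsed contents of tables.json.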
