- How to use Log Analytics log data exported to Storage Accounts
Introduction. Exporting your logs from Sentinel or Log Analytics to Azure storage account blobs gives you low-cost long-term retention, as well as benefits such as immutability for legal hold and geographical redundancy.
- Automating Watchlists in Microsoft Sentinel
In Microsoft Sentinel, this can be easily done through Watchlists, a feature that allows uploading local CSV files or CSV files stored in a storage account. While you can do this from the portal, you can also automate it using APIs.
- Using Azure Data Explorer for long term retention of Microsoft Sentinel . . .
Summary. As you have seen throughout this article, you can stream your telemetry data to ADX to be used as a long-term storage option with lower cost than Sentinel Log Analytics, and still have the data available for exploration using the same KQL queries that you use in Sentinel. Please post below if you have any questions or comments.
- Investigating blob and file storage compromises with Azure Sentinel
Learn how to investigate Azure storage compromises using Azure Sentinel.
- Archiving Azure Sentinel Logs: A Comprehensive Guide to Archive Options . . .
Maximize your Azure Sentinel data archiving options. Learn how to store and search Sentinel logs beyond the default 90-day retention period using Log
- Azure Sentinel: Storage design considerations
MCAS - just direct Alerts only to Sentinel. On the surface of it, this would likely reduce the storage needs in Sentinel; however, it's also likely that this will reduce its effectiveness due to fewer data points and telemetry? It will also mean that any analyst will then have to fall back to jumping between consoles?
- data analytics environment with Sentinel | Microsoft Community Hub
data analytics environment with Sentinel Hi guys, I am currently analyzing the Sentinel solution, but I would like you to help me indicate what I can monitor or how to get the most out of it when using it in a data analysis environment, with the next components: data lake, data warehouse, Databricks, Data Factory, IoT Hub, etc.
- FAQ: Search, Basic Ingestion, Archive, and Data Restoration
3. Why should I use the Archived Logs with Sentinel Search vs Continuous Data Export to Azure Data Explorer? Using Search and Archived Logs allows for a simplified, maintenance-free architecture while providing low-cost archive storage within the same Log Analytics workspace.