Archive Sentinel Data into Azure Data Explorer and Storage account via Event Hub (Updated Video)
- Published: 12 Sep 2024
- Step-by-step process to export data from a Log Analytics workspace into Azure Data Explorer and a Storage Account simultaneously via Event Hub
1. Read data from Storage Account via Log Analytics workspace
• Microsoft Sentinel Log...
(Watch from 27:00 onwards)
2. Document to copy Sentinel data to Azure Data Explorer
/ howto-configure-azure-... export-long-term-storage-lauren/
3. Choosing the right sized event-hub
docs.microsoft...
docs.microsoft... scalability
Great explanation! Thank you for sharing
Hey there, what about the first 90 days? If you're exporting after the logs were received by Sentinel, you're still paying for the first 90 days at the full analytics cost.
Couldn't you use ADX as a pre-processor to filter logs you don't need in Sentinel and redirect them to blob storage? E.g. trusted firewall traffic to/from trusted hosts.
Thanks for this video, but I would like to know if we can use the same logic to archive data in custom log tables. I think data export does not support custom log tables, so how can this be achieved?
Is that Excel document available to download?
Hi Gregory. Unfortunately, that is my IP, but I'm more than happy for you to create one by looking at that, thanks 👍👍