I do have to correct myself here: when I talked about ADX not supporting custom log sources, that’s not entirely true. If you use Data Export (in public preview) to Azure Data Explorer, this won’t allow custom tables support (yet). If you send data to Azure Sentinel AND Azure Data Explorer in parallel, then this DOES support custom tables; just be mindful of data duplication and, again, costs for ADX. Any further questions, please don’t hesitate to drop a comment :)
Thanks for the video. It was very informative. I just want to know: if we use Azure Blob storage for data retention, you said we can't use KQL queries, but can we connect Blob storage to Sentinel using a data connector and run KQL on that data? Thanks in advance.
Hi IAm, you won’t be able to use the SAME queries as if the data were in Sentinel; it’s more difficult and tedious to navigate inside each data folder in a blob storage :)
Please come up with "How to crack a Sentinel interview?"
That would be difficult; there are many topics and a lot of integrations for Sentinel.