Blog Post

Microsoft Sentinel Blog
4 MIN READ

Azure Sentinel correlation rules: Active Lists out; make_list() in, the AAD/AWS correlation example

Ofer_Shezaf's avatar
Ofer_Shezaf
Icon for Microsoft rankMicrosoft
Nov 25, 2019
  Writing alert rules using KQL is powerful but does not have to be complex. A good example would be rules which in traditional SIEM use Active Lists (or Reference Sets, depending on your SIEM). Wh...
Updated Dec 29, 2020
Version 12.0
detection
Query
MiteshAgrawal's avatar
MiteshAgrawal
Brass Contributor
Jan 31, 2020

Thanks Ofer_Shezaf . The post is very useful. My requirement can be met with the link you provided. 

 

One more query I have is whether can I read data from a file in my local machine if I do not want to create a BLOB object?

 

Regards,

Mitesh Agrawal