arran1580
Dec 09, 2020 Copper Contributor
Azure Sentinel Blob Storage Query
I'm reviewing the use of Azure blob storage for Hot, Cool and Archive tiers for storing data from Azure Sentinel's Log Analytics for when data needs to be retained for a long portion of time.
I have reviewed the 'Move Your Azure Sentinel Logs to Long-Term Storage with Ease' (https://techcommunity.microsoft.com/t5/azure-sentinel/move-your-azure-sentinel-logs-to-long-term-storage-with-ease/ba-p/1407153) blog which details the use of a playbook to copy data to a new blob container.
Reviewing the blog post, I believe the data shown in the example is hot storage.
If the blob storage is using the cool storage tier, does anyone know if this would be easily queryable within Azure Sentinel using the same method, and if this will cause any potential timeout issues I would need to consider?
- GaryBushey Bronze Contributor
Don't forget to factor in the fact that cold storage has higher transaction and access costs, so make sure you would access the data very infrequently.
- arran1580 Copper Contributor
GaryBushey Thanks for this information. I will keep this in mind when considering the tier of Blob storage.
- GaryBushey Bronze Contributor
arran1580 Looking at this article, Access tiers for Azure Blob Storage - hot, cool, and archive | Microsoft Docs, the latency is in milliseconds, so I would think you would be able to access it easily enough.