arran1580
Copper Contributor
Dec 09, 2020

Azure Sentinel Blob Storage Query

I'm reviewing the use of Azure blob storage for Hot, Cool and Archive tiers for storing data from Azure Sentinel's Log Analytics for when data needs to be retained for a long portion of time.

I have reviewed the 'Move Your Azure Sentinel Logs to Long-Term Storage with Ease' (https://techcommunity.microsoft.com/t5/azure-sentinel/move-your-azure-sentinel-logs-to-long-term-storage-with-ease/ba-p/1407153) blog which details the use of a playbook to copy data to a new blob container.

Reviewing the blog post, I believe the data shown in the example is hot storage.

If the blob storage is using the cool storage tier, does anyone know if this would be easily queryable within Azure Sentinel using the same method, and if this will cause any potential timeout issues I would need to consider?
