Forum Discussion
Solved
Dashboard/KQL to monitor enabled data connectors across multiple workspaces
Hi all, has anyone had any luck building dashboards that utilise Lighthouse/cross-workspace queries to show and compare data connectors across multiple environments? Trying to streamline my view of all the enabled log sources but having issues with the KQL to actually compare - e.g., CustomerA has SecurityEvents enabled but CustomerB doesn't.
- Doing Tables is a better way (trying to work out Connector to Table mapping is hard)
My Sentinel Central Workbook (see Workbook Templates in Sentinel) will give you the framework - as it looks across Directories/Lighthouse for Incidents / Alerts & Retention settings - you'll need to adapt it for the "Usage" Table or the specific Tables you wish to monitor.
- Doing Tables is a better way (trying to work out Connector to Table mapping is hard)
My Sentinel Central Workbook (see Workbook Templates in Sentinel) will give you the framework - as it looks across Directories/Lighthouse for Incidents / Alerts & Retention settings - you'll need to adapt it for the "Usage" Table or the specific Tables you wish to monitor.
