unclejohn
Copper Contributor
Jan 12, 2023

Data Connector Last Log Received

Hi, I was looking to see if it's possible to change the ingestion time of logs into Sentinel, or at least have a view on the times that are set for logs to come in.

An example is my AAD connector, which seems to be inconsistent.

  • Clive_Watson
    Bronze Contributor
    That may not be possible - there are at least three connector types.

    I'll call these push, pull and custom.

    Push - push logs send data to Sentinel (Office activity as an example); it will send data when it's ready, e.g. it will cache data then send at a time it decides. So you can't get this data every "n" minutes.

    Pull (or polling) - these vendor sources will look for the data at pre-determined intervals, again these are set by the connector and AFAIK not tuneable.

    Custom - data sources you ingest you can probably schedule, e.g. a Logic App that runs every 5 mins to get data from a REST API.
