Forum Discussion
Export and Import Saved Queries and Functions from one Sentinel Workspace to Another
I have been getting so much value out of Azure Sentinel, custom log types, and custom functions to parse logs and make them easy to query in KQL (I have Sysmon, Suricata and Zeek among others). I've ...
rpargman You need to use the Log Analytics REST API to get access to those. Take a look at: https://docs.microsoft.com/en-us/rest/api/loganalytics/savedsearches to get started
rpargman You need to use the Log Analytics REST API to get access to those. Take a look at: https://docs.microsoft.com/en-us/rest/api/loganalytics/savedsearches to get started
- Thank you! That Log Analytics API is amazing. I didn't realize that it could get the queries, too.
- Ofer_Shezaf
Microsoft
rpargman , GaryBushey : the powershell cmdlets might be an easier start than the API: create, remove, get
- Oh thank you! I'll check those out, too. I appreciate the tip.
