Forum Discussion
rpargman
Nov 19, 2020 · Copper Contributor
Export and Import Saved Queries and Functions from one Sentinel Workspace to Another
I have been getting so much value out of Azure Sentinel, custom log types, and custom functions to parse logs and make them easy to query in KQL (I have Sysmon, Suricata and Zeek among others). I've ...
- Nov 19, 2020
rpargman You need to use the Log Analytics REST API to get access to those. Take a look at: https://docs.microsoft.com/en-us/rest/api/loganalytics/savedsearches to get started
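As an added example (not part of the reply above and not Microsoft's code), this sketch turns a savedSearches list response exported from one workspace into the PUT requests that would recreate the same queries and functions in another. The `api-version` value, the sample searches and the `SRC-`/`DST-` names are constructed assumptions; sending the requests with an Azure AD bearer token is left to the caller.

```python
import json

API_VERSION = "2020-08-01"  # assumption: confirm against the linked REST reference
ARM = "https://management.azure.com"
# Properties copied to the target; etag and the source resource id are
# workspace-specific and are deliberately left behind.
PORTABLE = ("category", "displayName", "query", "functionAlias",
            "functionParameters", "version", "tags")

# Constructed sample of a savedSearches list response from the source workspace.
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"id": "/subscriptions/SRC-SUB/resourceGroups/src-rg/providers/Microsoft.OperationalInsights/workspaces/src-ws/savedSearches/sysmon-parser",
   "etag": "constructed-etag",
   "properties": {"category": "Parsers", "displayName": "Sysmon parser",
                  "query": "Event | where Source == 'Microsoft-Windows-Sysmon'",
                  "functionAlias": "Sysmon_Parsed", "version": 2}},
  {"id": "/subscriptions/SRC-SUB/resourceGroups/src-rg/providers/Microsoft.OperationalInsights/workspaces/src-ws/savedSearches/zeek-conn-hunt",
   "etag": "constructed-etag",
   "properties": {"category": "Hunting", "displayName": "Zeek long connections",
                  "query": "Zeek_conn_CL | where duration_d > 3600", "version": 2}}
]}
""")


def build_import_requests(export, subscription, resource_group, workspace):
    """Return (method, url, body) tuples that recreate each saved search or function."""
    base = (f"{ARM}/subscriptions/{subscription}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.OperationalInsights/workspaces/{workspace}/savedSearches")
    requests = []
    for item in export.get("value", []):
        # Reuse the source saved-search id (last path segment) in the target workspace.
        search_id = item["id"].rstrip("/").rsplit("/", 1)[-1]
        props = {k: v for k, v in item.get("properties", {}).items() if k in PORTABLE}
        if not props.get("query"):
            continue  # nothing to import without a query
        requests.append(("PUT", f"{base}/{search_id}?api-version={API_VERSION}",
                         {"properties": props}))
    return requests


if __name__ == "__main__":
    for method, url, body in build_import_requests(SAMPLE_EXPORT, "DST-SUB", "dst-rg", "dst-ws"):
        print(method, url)
        print(json.dumps(body, indent=2))
```

Review the printed bodies before sending them: a function's query may reference custom tables or other functions that must already exist in the target workspace.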
arkscout
May 18, 2021 · Copper Contributor
Hey thanks for the great input in this thread. I wanted to check in before I go about trying to do this with functions. My question is basically the same. I was hoping to find a way to do this with the az-cli and core functions. Not so much as exporting, which would be a bonus. But editing and saving. I went through and did this in the GUI yesterday and it was time consuming, to say the least. Would you by chance have any guidance on that?