Forum Discussion
Solved
Fact tables in Log Analytics
Can i create and store a dynamic table of users in Azure Log Analytics, that i can join to in queries? ie. I need a AdminUsers table that holds a list of our admins, and some basic information. ...
- https://docs.microsoft.com/en-us/azure/sentinel/watchlists would be the feature to look at. In KQL there are other options as well with the Let or Dynamic operator https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/scalar-data-types/dynamic or for an example: https://github.com/Azure/Azure-Sentinel/blob/fd750efdda4be82ce52e1bd5bbc8f1ec31485bc5/Hunting%20Queries/W3CIISLog/WebShellActivity.yaml
https://docs.microsoft.com/en-us/azure/sentinel/watchlists would be the feature to look at. In KQL there are other options as well with the Let or Dynamic operator https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/scalar-data-types/dynamic or for an example: https://github.com/Azure/Azure-Sentinel/blob/fd750efdda4be82ce52e1bd5bbc8f1ec31485bc5/Hunting%20Queries/W3CIISLog/WebShellActivity.yaml
Clive_Watson oh this is fantastic, exactly what we need. I knew that I could use let and build my own static dynamic object, but watchlists are definitely what I need.
Thanks for replying.