Forum Discussion
AndrewX
May 13, 2022 | Iron Contributor
Fact tables in Log Analytics
Can I create and store a dynamic table of users in Azure Log Analytics that I can join to in queries? I.e., I need an AdminUsers table that holds a list of our admins, and some basic information. ...
- May 15, 2022
https://docs.microsoft.com/en-us/azure/sentinel/watchlists would be the feature to look at. In KQL there are other options as well with the Let or Dynamic operator https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/scalar-data-types/dynamic or for an example: https://github.com/Azure/Azure-Sentinel/blob/fd750efdda4be82ce52e1bd5bbc8f1ec31485bc5/Hunting%20Queries/W3CIISLog/WebShellActivity.yaml
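The three options named in the reply above, sketched as an added example that is not part of the original thread. The watchlist alias `AdminUsers`, its `Department` column and the sample addresses are assumptions, and the watchlist's SearchKey is assumed to hold the user principal name.

```kql
// Option 1: Sentinel watchlist joined to sign-in data.
// 'AdminUsers' (alias) and Department (column) are hypothetical names.
// KQL string joins are case-sensitive, so both sides are lower-cased first.
let admins = _GetWatchlist('AdminUsers')
    | project AdminUpn = tolower(tostring(SearchKey)), Department = tostring(Department);
SigninLogs
| where TimeGenerated > ago(1d)
| extend AdminUpn = tolower(UserPrincipalName)
| join kind=inner admins on AdminUpn
| summarize SignIns = count(), FailedSignIns = countif(ResultType != "0")
    by AdminUpn, Department

// Option 2: the same lookup as an inline table defined with let.
// Rows are constructed sample values; the list lives in the query itself,
// so every query that needs it must carry (and update) its own copy.
let admins = datatable(AdminUpn:string, Department:string)
[
    "alice.admin@contoso.example", "IT",
    "bob.admin@contoso.example",   "Security"
];
SigninLogs
| where TimeGenerated > ago(1d)
| extend AdminUpn = tolower(UserPrincipalName)
| join kind=inner admins on AdminUpn
| project TimeGenerated, AdminUpn, Department, IPAddress, ResultType

// Option 3: a dynamic array, useful when only a filter is needed and there
// are no extra columns to join in. in~ compares case-insensitively.
let adminList = dynamic(["alice.admin@contoso.example", "bob.admin@contoso.example"]);
SigninLogs
| where TimeGenerated > ago(1d)
| where UserPrincipalName in~ (adminList)
| project TimeGenerated, UserPrincipalName, IPAddress, ResultType
```

Run each option as its own query. Only the watchlist version keeps the admin list outside the query text, so it can be maintained once and reused across analytics rules and hunting queries.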
AndrewX
May 16, 2022 | Iron Contributor
Clive_Watson just replying to confirm for others reading this thread that I set up Watchlists and they're exactly what I needed.
mikhailf
May 16, 2022 | Steel Contributor
Hello Andrew,
You can also create dynamic watchlists using Playbook and groups in Azure AD.
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/update-microsoft-sentinel-vip-users-watchlist-from-azure-ad/ba-p/3100184