Forum Discussion
Zorghost
Feb 22, 2025 - Copper Contributor
Fetching alerts from Sentinel using logic apps
Hello everyone, I have a requirement to archive alerts from Sentinel. To do that I need to do the following:
- Retrieve the alerts from Sentinel
- Send the data to an external file share

As a solut...
Laurie_Rhodes
Feb 25, 2025 - Brass Contributor
It's actually a lot easier than that!
If you find the Log Analytics table Sentinel is installed on, you can use the built-in Data Export service to export tables you want to a Storage Account in real-time.
You can simply specify the tables you want to export
And in your rule you can specify the Storage Account you want logs to go to:
This is a lot easier and more reliable than creating custom automation. :)
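The data export rule described in the reply above, written as a Bicep template. This is an added example, not part of the original post; the rule name, the parameter names and the `SecurityAlert` default are assumptions to replace with your own values.

```bicep
// Added example: a Log Analytics data export rule that sends selected
// tables to a Storage Account. Names and defaults are placeholders.
param workspaceName string       // workspace that Sentinel is enabled on
param storageAccountId string    // full resource ID of the destination Storage Account
param tableNames array = [
  'SecurityAlert'                // assumed table; list every table you need archived
]

// Reference the existing workspace rather than redeploying it.
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
  name: workspaceName
}

resource alertExport 'Microsoft.OperationalInsights/workspaces/dataExports@2020-08-01' = {
  parent: workspace
  name: 'archive-sentinel-alerts' // hypothetical rule name
  properties: {
    enable: true
    tableNames: tableNames
    destination: {
      resourceId: storageAccountId
    }
  }
}
```

Data export only covers records ingested after the rule is enabled, so anything already in the workspace needs a separate one-off export.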
Zorghost
Mar 05, 2025 - Copper Contributor
This is indeed a great approach, and I will proceed with it for now. I have one more question, if you don’t mind:
I need to include the events that triggered the alerts in the SentinelAlert table in the archived data. In your opinion, what is the best approach to tackle this?