Ingesting Archived Logs to Azure Sentinel

Question

Hi,Is there a way we can ingest logs from Azure Storage Account Blob or Event Hub to Azure Sentinel.Lets say I have logs stored in the storage account and now I want to bring it to Sentinel for analytics and to check if there is trace of any malicious activity.

clivewatson · Answer

AnuragSrivastava&nbsp;You could just query the data in the Blob, if you only require log queries on this data?&nbsp; See "Query the data"?&nbsp;Move Your Azure Sentinel Logs to Long-Term Storage with Ease - Microsoft Tech CommunityThere are other options with ADX, this is one of many linksQuery exported data from Azure Monitor using Azure Data Explorer (preview) - Azure Monitor | Microsoft Docs&nbsp;&nbsp;

Forum Discussion

Ingesting Archived Logs to Azure Sentinel

1 Reply