Larssen92
Brass Contributor
Nov 09, 2021
Solved

Lookback range on threat intelligence in analytic rules

Hi, I have set up a MISP server to send Threat Intelligence into Sentinel. I have set it up via this guide (https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/integrating-open-source-...
  • Clive_Watson
    Nov 09, 2021
    1. Cost mainly - if above the default retention of 90 days for Microsoft Sentinel
    2. That is true for Scheduled rules, which are limited to 14 days. Perf is a strong reason for this limit, so all Rules can run well. The workaround is either to do ad-hoc queries in the logs blade or….
    Tiander did a great webcast here: https://youtu.be/G6TIzJK8XBA?t=3152 – watch it all 😊, but “14 days use case” starts at 42 min
