Forum Discussion
Microsoft Sentinel Query History not updating
Hey CJ3207,
checked a couple tenants and I'm not seeing the same behavior you're seeing. Wondering if it might be a browser caching issue? I would try clearing it or using a different browser.
I know you're not asking for alternatives but just in case and maybe for future reference, if you're using the Unified SecOps (XDR) dashboard for querying (Advanced Hunting), there's a report you can look at to get your query history. Not only does it log the query but you can also get an idea of how performant your queries are: Use the advanced hunting query resource report - Microsoft Defender XDR | Microsoft Learn
Alternatively, you could also start ingesting your queries so you always have 'em in their own table within Sentinel: Audit queries in Azure Monitor log queries - Azure Monitor | Microsoft Learn
Best regards,
Dylan
Hey Dylan,
Thanks for the reply. As for your recommendation to clear the cache, I have tried that. I also did mention that "My colleague has the exact same issue", further evidence supporting that it's not local, as they are in a different office, on a different machine, using a different browser. While searching for solutions, I did come across the "LAQueryLogs" and do have that set up now. But that is not an ideal solution. Like Shawn_j in the comments below, I also extensively rely on my query history for things like quick reference to particular functions or assisting with building and modifying my queries before I save them. I really would like a fix to this issue as soon as possible. Any other ideas as to what could be causing this?
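For readers using the LAQueryLogs workaround discussed in this thread, the following is an added example (not part of either post) of a KQL query that rebuilds a personal query history from that table. It assumes query auditing is already enabled on the workspace; the e-mail address is a placeholder and the 30-day window is an arbitrary choice.

```kusto
// Added example: approximate a personal "query history" from audited queries.
// Assumption: query auditing is enabled, so LAQueryLogs is populated.
// Placeholder: replace with your own sign-in address.
let me = "analyst@example.com";
LAQueryLogs
| where TimeGenerated > ago(30d)            // arbitrary look-back window
| where AADEmail =~ me                      // case-insensitive match on the caller
| where ResponseCode == 200                 // keep only queries that ran successfully
| extend Query = trim(@"\s+", QueryText)    // strip leading/trailing whitespace before grouping
| summarize
    arg_max(TimeGenerated, ResponseRowCount, RequestClientApp), // details of the most recent run
    Runs = count(),                                             // how often this exact text was run
    AvgDurationMs = avg(ResponseDurationMs)                     // rough performance indicator
    by Query
| project-rename LastRun = TimeGenerated
| order by LastRun desc
```

Dropping the `ResponseCode` filter also surfaces failed drafts, which helps when the goal is to recover a query that was still being built.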