Forum Discussion
Result in the Sentinel GUI (Incidents) / No results in logs (query)
Hey guys,
I have a problem understanding how Sentinel works. In my Sentinel, I can search for incidents dating back to the year 2022. However, when I try to find the same incidents with a Kusto query, it returns no results. Interestingly, when I attach a tag to one of these old incidents, it pops up in my query search. It feels like there are other tables that we cannot query or some settings are not correctly configured in my instance.
Does anyone know where I can find some information about this issue?
Big thanks,
Joe
- Correct, if you need the data you need to retain it yourself by increasing Table retention and/or archiving.
- Correct, some data is retained by Microsoft for much longer, but as you probably noticed its a small set of data. not everything.
- And if I assume correctly, there is no way (through configuration or payment) to access this data?
- Correct, if you need the data you need to retain it yourself by increasing Table retention and/or archiving.
