Forum Discussion
Sentinel Datalake - How to query outside of defender portal?
I've been doing some testing on Sentinel Datalake but I'm running into a major gap.
How do we query the datalake outside Jupyter notebooks or the defender portal?
Currently, this is done by connecting to the log analytics workspace. But I don't see any way to query the datalake from another system.
2 Replies
- SumanthSomireddy
Microsoft
Microsoft Sentinel's Data Lake is a newer component, and the current access approaches are restricted to: Microsoft Defender Portal, Microsoft Sentinel Notebooks and Microsoft Fabric Lakehouse Explorer. Querying Sentinel Data Lake from outside these environments is not fully supported. The possible ways are:
  - Jupyter Notebooks in Sentinel: Uses Python SDK to access the Fabric Lakehouse
  - Defender Portal > Query View: Allows KQL querying inside the browser
  - Microsoft Fabric Integration: Power BI, Notebooks, Data Flows can be used if Sentinel Workspace is linked to Fabric Workspace
- securemetrics
Copper Contributor
Fabric integration would be phenomenal. I cannot find any documentation on this, however.