Forum Discussion
lou629
Jan 14, 2022 (Copper Contributor)
Sentinel query storage account logs
Hello everyone,
I have implemented log analytics for all my production workloads using a storage account. I would like to have Sentinel ingest the logs for further analysis?
Thank you for your help
- GaryBushey (Bronze Contributor)
lou629 The easiest way would be to create a new MS Sentinel instance that uses those existing LA workspaces and then you can use Azure Lighthouse to view all the incidents in one place.
If that isn't feasible, you would need to do something like using the Data Export feature (or a Logic App) to export the tables to an event hub and then write code to push that data into the LA workspace you use for your existing MS Sentinel instance.
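
Added example, not part of the reply above or of any Microsoft sample: a sketch of the "write code to push that data" step, assuming the Azure Monitor HTTP Data Collector API is used for the push (the reply does not name an API). The workspace ID, key, `StorageExport` log type, and the `{"records": [...]}` event envelope are constructed assumptions; the code builds the signed request offline and leaves sending it to any HTTP client.

```python
import base64, hashlib, hmac, json, re
from email.utils import formatdate

RESOURCE = "/api/logs"
CONTENT_TYPE = "application/json"
# Constructed placeholders, not real credentials.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_KEY = base64.b64encode(b"constructed-demo-key").decode()
# Constructed event body; the {"records": [...]} envelope is an assumption.
SAMPLE_EVENT = json.dumps({"records": [
    {"TimeGenerated": "2022-01-14T12:00:00Z", "OperationName": "GetBlob", "StatusCode": 200},
    {"TimeGenerated": "2022-01-14T12:00:05Z", "OperationName": "PutBlob", "StatusCode": 403},
]})

def sign(workspace_id, shared_key_b64, date, content_length):
    """SharedKey Authorization value: HMAC-SHA256 over the canonical request string."""
    to_sign = f"POST\n{content_length}\n{CONTENT_TYPE}\nx-ms-date:{date}\n{RESOURCE}"
    key = base64.b64decode(shared_key_b64)
    mac = hmac.new(key, to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(mac).decode()}"

def build_request(workspace_id, shared_key_b64, log_type, event_body, date=None):
    """Turn one exported event body into (url, headers, body) for a signed POST."""
    # Custom log names allow only letters, digits and underscore, max 100 chars.
    # fullmatch also rejects CR/LF, so the value cannot inject extra headers.
    if not re.fullmatch(r"[A-Za-z0-9_]{1,100}", log_type):
        raise ValueError("invalid Log-Type")
    payload = json.loads(event_body)
    records = payload.get("records", payload) if isinstance(payload, dict) else payload
    if not isinstance(records, list):
        records = [records]  # a single object is sent as a one-element array
    body = json.dumps(records).encode("utf-8")
    date = date or formatdate(usegmt=True)  # RFC 1123 date in GMT
    headers = {
        "Content-Type": CONTENT_TYPE,
        "Log-Type": log_type,
        "x-ms-date": date,
        "Authorization": sign(workspace_id, shared_key_b64, date, len(body)),
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com{RESOURCE}?api-version=2016-04-01"
    return url, headers, body

if __name__ == "__main__":
    url, headers, body = build_request(WORKSPACE_ID, SAMPLE_KEY, "StorageExport", SAMPLE_EVENT)
    # Print everything except the Authorization value; keep signatures out of logs.
    print(url, {k: v for k, v in headers.items() if k != "Authorization"}, len(body))
```

The signature covers the body length and the `x-ms-date` value, so both must be computed from exactly the bytes and date that are sent.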