Forum Discussion
Sharing sentinel logs with another SIEM
Hello, we are looking at sharing logs fed into sentinel LAW with another SIEM on a temporary basis. More like keeping a copy in Sentinel and sending another copy to another SIEM solution. Is there a good way to do this without incurring huge storage costs? Has anyone done this before? Please share
2 Replies
- Check out this guidance, you can export from Log Analytics to either a storage account or event hub - https://docs.microsoft.com/en-us/azure/azure-monitor/logs/logs-data-export?tabs=portal
The cost of the export itself is free, but you will obviously pay charges on either storage or event hub depending on where you send it too.- Thanks m_zorich for your response. I kinda figured these were the options but was looking for something completely free. Thanks again for taking time to respond
