Forum Discussion

Pavan_Gelli1910

Brass Contributor

Jan 06, 2020

Solved

Storing static data in table to use in KQL

Unable to maintain static/dynamic data sets for below sample use cases. Use Cases: Increase in failed domain admin account logins detected Password change or rest on known privileged accoun...

KQL

GaryBushey
Jan 06, 2020
Pavan_Gelli1910 Just saw this timely post on the Azure Sentinel blog page. Could help.

https://techcommunity.microsoft.com/t5/azure-sentinel/implementing-lookups-in-azure-sentinel-part-1-reference-files/ba-p/1091306

GaryBushey

Bronze Contributor

Jan 06, 2020

Pavan_Gelli1910 You can create your own custom log table and add the entries there. This page has a PowerShell script that shows you the steps. It should be easy enough to modify for your needs or to use it as a basis for a different language.

https://gallery.technet.microsoft.com/PowerShell-script-to-0823e09d