Forum Discussion

Nexxic's avatar
Nexxic
Copper Contributor
Sep 01, 2020
Solved

Using Lookups in analytics rules

Hi, I'm implementing Azure Sentinel for a customer and I'm looking into how we can configure rules to either whitelist or trigger specifically on items from a lookup table. From what I've understo...
  • GaryBushey's avatar
    GaryBushey
    Sep 01, 2020

    Nexxic 

    1) Yes, for now.

    2) The SAS key is very secure.  If you lock down Azure Sentinel so that only those people who need to get in can get in then you should be fine.   I generally put my files for Azure Sentinel in their own container so even if someone gets the key the worse case is they see only those files.   You can even go further and create a new container per file to make it even more secure.

GaryBushey's avatar
GaryBushey
Bronze Contributor
Sep 01, 2020

Nexxic 

1) Yes, for now.

2) The SAS key is very secure.  If you lock down Azure Sentinel so that only those people who need to get in can get in then you should be fine.   I generally put my files for Azure Sentinel in their own container so even if someone gets the key the worse case is they see only those files.   You can even go further and create a new container per file to make it even more secure.

Resources