Forum Discussion
Using Lookups in analytics rules
Hi, I'm implementing Azure Sentinel for a customer and I'm looking into how we can configure rules to either whitelist or trigger specifically on items from a lookup table. From what I've understo...
1) Yes, for now.
2) The SAS key is very secure. If you lock down Azure Sentinel so that only those people who need to get in can get in then you should be fine. I generally put my files for Azure Sentinel in their own container so even if someone gets the key the worse case is they see only those files. You can even go further and create a new container per file to make it even more secure.
1) Yes, for now.
2) The SAS key is very secure. If you lock down Azure Sentinel so that only those people who need to get in can get in then you should be fine. I generally put my files for Azure Sentinel in their own container so even if someone gets the key the worse case is they see only those files. You can even go further and create a new container per file to make it even more secure.
