Forum Discussion
zlate81
Sep 03, 2025
Copper Contributor
Query Defender XDR Timeline data without GUI
How do I query data that is older than 30 days without Sentinel? Timeline is complaining and restricting the search to a few days when I'm interested in searching for weeks or months.
Sep 07, 2025
Hi Zlate81, as you are not interested in Sentinel, in that case you can think about
Alternative, less common solutions:
Azure Storage Account or Event Hubs: It is also possible to configure Defender for Endpoint to export data to an Azure Storage Account or Azure Event Hubs. This is a more manual approach. You would typically use this method to archive data for compliance and then use other tools (like Azure Data Explorer) to query it if needed. This method is less integrated for active threat hunting compared to the Sentinel solution.
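
Added example, not part of the reply above: once events have been exported to a storage account and downloaded, a device timeline for any date range can be rebuilt offline. It assumes one JSON object per line with `time`, `category` and `properties` fields and advanced hunting column names inside `properties`; the sample rows and host names are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample rows in the assumed export layout (one JSON object per line).
SAMPLE_EXPORT = """\
{"time": "2025-06-02T08:15:11Z", "category": "AdvancedHunting-DeviceNetworkEvents", "properties": {"DeviceName": "ws-001.example.test", "Timestamp": "2025-06-02T08:14:59.1234567Z", "ActionType": "ConnectionSuccess", "RemoteUrl": "updates.example.test"}}
{"time": "2025-06-02T08:15:10Z", "category": "AdvancedHunting-DeviceProcessEvents", "properties": {"DeviceName": "ws-001.example.test", "Timestamp": "2025-06-02T08:14:58Z", "ActionType": "ProcessCreated", "FileName": "powershell.exe"}}
{"time": "2025-06-05T10:00:00Z", "category": "AdvancedHunting-DeviceProcessEvents", "properties": {"DeviceName": "ws-002.example.test", "Timestamp": "2025-06-05T09:59:50Z", "ActionType": "ProcessCreated", "FileName": "cmd.exe"}}
{"time": "2025-06-03T
{"time": "2025-08-20T12:00:00Z", "category": "AdvancedHunting-DeviceLogonEvents", "properties": {"DeviceName": "ws-001.example.test", "Timestamp": "2025-08-20T11:59:00Z", "ActionType": "LogonSuccess"}}
"""

def parse_ts(value):
    # Timestamps are treated as UTC; fractional seconds beyond 6 digits are truncated.
    base, _, frac = value.rstrip("Z").partition(".")
    dt = datetime.fromisoformat(base).replace(tzinfo=timezone.utc)
    return dt.replace(microsecond=int(frac[:6].ljust(6, "0"))) if frac else dt

def build_timeline(lines, device, start, end):
    """Return sorted (timestamp, table, action, detail) tuples for one device in [start, end)."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            row = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip rows truncated at a blob boundary
        props = row.get("properties") or {}
        if props.get("DeviceName", "").lower() != device.lower():
            continue
        raw_ts = props.get("Timestamp") or row.get("time")
        if not raw_ts:
            continue
        ts = parse_ts(raw_ts)
        if start <= ts < end:
            table = row.get("category", "").removeprefix("AdvancedHunting-")
            detail = props.get("FileName") or props.get("RemoteUrl") or ""
            events.append((ts, table, props.get("ActionType", ""), detail))
    return sorted(events)

if __name__ == "__main__":
    june = datetime(2025, 6, 1, tzinfo=timezone.utc)
    july = datetime(2025, 7, 1, tzinfo=timezone.utc)
    for ts, table, action, detail in build_timeline(
            SAMPLE_EXPORT.splitlines(), "ws-001.example.test", june, july):
        print(ts.isoformat(), table, action, detail)
```
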