Event details
During Microsoft Secure you learned about the latest innovations around Microsoft's SIEM and XDR solution. Join this Ask Microsoft Anything (AMA) session to get your questions about Microsoft Sentine...
Trevor_Rusher
Updated Dec 27, 2024
lasse_selsing
Apr 13, 2023
Copper Contributor
Hi,
Are there any special considerations to make when building data collection rules?
I'm ingesting firewall data into native tables via Logstash,
but are there any guidelines or best practices to follow when working with large amounts of data? 400+ GB daily of firewall data.
When using the TransformKql, can I use has just as well as contain? Or are there any restrictions or limitations that I should be aware of when building those TransformKql statements?
Heather_Poulsen
Community Manager
Apr 17, 2023
Thanks for participating in the Tech Accelerator! For reference, the panel covered this topic at around 23:45.