Mar 27 2021 11:51 PM
Hi,
Is there a way we can ingest logs from Azure Storage Account Blob or Event Hub into Azure Sentinel?
Let's say I have logs stored in the storage account and now I want to bring them into Sentinel for analytics and to check if there is a trace of any malicious activity.
Mar 29 2021 02:20 AM
@AnuragSrivastava You could just query the data in the Blob, if you only require log queries on this data? See "Query the data" in: Move Your Azure Sentinel Logs to Long-Term Storage with Ease - Microsoft Tech Community
There are other options with ADX; this is one of many links:
Query exported data from Azure Monitor using Azure Data Explorer (preview) - Azure Monitor | Microso...