New Blog Post | What’s New: Azure Sentinel Hunting supports ADX cross-resource queries

What’s New: Azure Sentinel Hunting supports ADX cross-resource queries - Microsoft Tech Community

Now in preview, you can use Azure Data Explorer (ADX) cross-resource queries from within the hunting query page, the livestream page, and the logs (Log Analytics) page. Although Log Analytics remains the primary data storage location for performing analysis with Azure Sentinel, there are cases where ADX is required to store data due to cost, retention periods, or other factors.

You can learn more about sending logs from Azure Sentinel to Azure Data Explorer for long-term retention here: Integrate Azure Data Explorer for long-term log retention.

Original Post: New Blog Post | What’s New: Azure Sentinel Hunting supports ADX cross-resource queries - Microsoft T...
