SOLVED

Remove custom logs from Azure Sentinel

%3CLINGO-SUB%20id%3D%22lingo-sub-1357085%22%20slang%3D%22en-US%22%3ERemove%20custom%20logs%20from%20Azure%20Sentinel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1357085%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20folks%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20connected%20Logstash%20datasource%20to%20Azure%20Sentinel%2C%20I'm%20pushing%20the%20logs%20to%20a%20custom%20log%20tabe%20as%20%22SQLAuthenticationLogs_CL%22.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20would%20like%20to%20know%20how%20to%3A%3C%2FP%3E%3CP%3E1-%20Clear%20these%20custom%20logs%3C%2FP%3E%3CP%3E2-%20Remove%20the%20customer%20table%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1357420%22%20slang%3D%22en-US%22%3ERe%3A%20Remove%20custom%20logs%20from%20Azure%20Sentinel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1357420%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F643874%22%20target%3D%22_blank%22%3E%40nafejeries%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELogs%20will%20be%20removed%20when%20the%20retention%20period%20has%20been%20reached.%26nbsp%3B%20This%20is%20the%20%231%20method.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20specific%20GDPR%20use%20cases%20(this%20isn't%20a%20method%20you%20should%20be%20using%20often)%20there%20is%20article%20you%20should%20read%20-%20please%20pay%20close%20attention%20to%20the%20%3CSTRONG%3Emany%3C%2FSTRONG%3E%20WARNING%20and%20IMPORTANT%20messages%20on%20this%20page%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Fplatform%2Fpersonal-data-mgmt%23how-to-export-and-delete-private-data%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Fplatform%2Fpersonal-data-mgmt%23how-to-export-and-delete-private-data%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hi folks,

 

I have connected Logstash datasource to Azure Sentinel, I'm pushing the logs to a custom log tabe as "SQLAuthenticationLogs_CL". 

 

I would like to know how to:

1- Clear these custom logs

2- Remove the customer table

 

Thanks 

1 Reply
Highlighted
Best Response confirmed by nafejeries (Occasional Contributor)
Solution

@nafejeries 

 

Logs will be removed when the retention period has been reached.  This is the #1 method. 

 

For specific GDPR use cases (this isn't a method you should be using often) there is article you should read - please pay close attention to the many WARNING and IMPORTANT messages on this page:

 

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/personal-data-mgmt#how-to-export-and-d...