Dec 09 2020 10:13 AM
I'm reviewing the use of Azure blob storage for Hot, Cool and Archive tiers for storing data from Azure Sentinels Log analytics for when data needs to be retained for a long portion of time.
I have reviewed the 'Move Your Azure Sentinel Logs to Long-Term Storage with Ease' (https://techcommunity.microsoft.com/t5/azure-sentinel/move-your-azure-sentinel-logs-to-long-term-sto...) blog which details the use of a playbook to copy data to a new blob container.
Reviewing the blog post I believe the data shown in the example is hot storage.
If the blob storage is using the cool storage tier does anyone know if this would be easily quarriable within Azure Sentinel using the same method and if this will cause any potential timeout issues I would need to consider?
Dec 09 2020 11:31 AM
@arran1580 Looking at this article, Access tiers for Azure Blob Storage - hot, cool, and archive | Microsoft Docs, the latency is in milliseconds so I would think you would be able to access it easily enough
Dec 09 2020 11:33 AM
Dec 10 2020 04:17 AM
@Gary Bushey Thanks for this information. I will keep this in mind when considering the tier of Blob storage.