cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Data Connector Last Log Received

unclejohn
Copper Contributor

‎Jan 12 2023 06:33 AM

‎Jan 12 2023 06:33 AM

Data Connector Last Log Received

Hi I was looking to see if its possible to change the ingestion time of logs into sentinel or atleast have a view on the times that are set for logs to come in. 

 

An example is my AAD connector seems to be inconsistent.

unclejohn_0-1673533922909.png

 

Labels:
833 Views
0 Likes
1 Reply
Reply
1 Reply
Clive_Watson

‎Jan 12 2023 07:01 AM

‎Jan 12 2023 07:01 AM

Re: Data Connector Last Log Received

That may not be possible - there are at least Three Connector types.

I'll call these push, pull and custom.

Push - push logs send data to Sentinel (Office activity as an example) it will send data when its ready e.g. it will cache data then send at a time is decides. So you cant get this data every "n" minutes.

Pull (or polling) - these vendor sources will look for the data at pre-determined intervals, again these are set by the connector and AFAIK not tuneable.

Custom - Data Sources you ingest you can probably schedule. e.g. a Logic App that runs every 5mins to get data from a REST Api.
1 Like
Reply