SOLVED

Fact tables in Log Analytics

Iron Contributor

Can i create and store a dynamic table of users in Azure Log Analytics, that i can join to in queries?

 

ie.  I need a AdminUsers table that holds a list of our admins, and some basic information.  I want to join to the AdminUsers table and grab data our of it as needed in queries.

 

Is this possible, how?

4 Replies
best response confirmed by AndrewX (Iron Contributor)

@Clive_Watson oh this is fantastic, exactly what we need.  I knew that I could use let and build my own static dynamic object, but watchlists are definitely what I need.

 

 Thanks for replying.

@Clive_Watson just replying to confirm for others reading this thread that I setup Watchlists and they're exactly what I needed.

Hello Andrew,
You can also create dynamic watchlists using Playbook and groups in Azure AD.
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/update-microsoft-sentinel-vip-users-w...