Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community

Raw logs data in sentinel

Copper Contributor

I have been exploring sentinel for quite some time now but I'm unable to figure out how to see the raw logs coming out from different sources. We can see it on different SIEM solutions like Qradar/splunk.

To explain better: I wanna see what logs have come in from a specific machine in last 1 hour.

1 Reply

@yaniys04 I do not believe the raw logs coming via Syslog or CEF are stored anywhere.  You can write your queries to be able to see the information coming from individual machines as long as that information is being passed in.