Microsoft Tech Community

Raw logs data in Sentinel

I have been exploring Sentinel for quite some time now but I'm unable to figure out how to see the raw logs coming out from different sources. We can see it on different SIEM solutions like QRadar/Splunk.

To explain better: I wanna see what logs have come in from a specific machine in the last 1 hour.

1 Reply

@yaniys04 I do not believe the raw logs coming via Syslog or CEF are stored anywhere. You can write your queries to be able to see the information coming from individual machines as long as that information is being passed in.
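
One way to write the kind of query the reply describes, as an added example that is not part of the original thread: it lists the parsed Syslog and CEF records received from one machine in the last hour. The host name is a constructed placeholder, and the query assumes the workspace has both the `Syslog` and `CommonSecurityLog` tables populated and that the machine is identified in their `Computer` column.

```kusto
// Constructed placeholder: replace with the machine being investigated.
let targetHost = "web01.contoso.example";
// Window from the question: the last 1 hour.
let lookback = 1h;
// Syslog holds plain syslog records, CommonSecurityLog holds CEF records.
// withsource adds a column naming the table each row came from.
union withsource=SourceTable Syslog, CommonSecurityLog
| where TimeGenerated > ago(lookback)
// =~ is a case-insensitive match. Assumption: the machine appears in Computer;
// filter on another column if your sources identify the host elsewhere.
| where Computer =~ targetHost
// Columns that do not exist in a row's source table come back empty.
| project TimeGenerated,
          SourceTable,
          Computer,
          Facility,          // Syslog
          SeverityLevel,     // Syslog
          ProcessName,       // Syslog
          SyslogMessage,     // Syslog: message text
          DeviceVendor,      // CommonSecurityLog
          DeviceProduct,     // CommonSecurityLog
          Activity,          // CommonSecurityLog
          Message            // CommonSecurityLog: message text
| sort by TimeGenerated desc
```

Replacing the `project` and `sort` lines with `| summarize Records = count(), LastSeen = max(TimeGenerated) by SourceTable` gives a quick check of whether the machine is reporting at all and through which table.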