May 20 2021 01:06 PM
Hi Team,
Is there any way I can download the raw logs from Sentinel? I am investigating an alert from the Sentinel default template "Brute force attack against Azure Portal" which has basically my name, but I want to see how the alert got generated. I know the threshold is "5" by default, but if I can see the logs too then I will be sure that this is how it happened. Still learning Sentinel, so any help would be appreciated 🙂
May 20 2021 02:01 PM
@msef280 If you run a query in Logs, you can then export the results to a CSV file or for use in PowerBI. Hope that helps.
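An added example, not part of the reply above and not the rule template's own query: a KQL query to run in Logs that returns the raw failed Azure Portal sign-in events behind windows that reach the threshold, ready to export. The user name, the 7-day lookback, the 1-hour window and the use of `SigninLogs` with `AppDisplayName == "Azure Portal"` are assumptions; check the rule's own query and settings in Analytics for the exact logic.

```kusto
// Assumed values: replace with the account from the alert and the rule's settings.
let targetUser = "user@example.com";   // placeholder account
let lookback   = 7d;                   // assumed investigation period
let window     = 1h;                   // assumed counting window
let threshold  = 5;                    // threshold mentioned in the question
// Failed sign-ins to the Azure Portal for that account.
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where AppDisplayName == "Azure Portal"
    | where UserPrincipalName =~ targetUser
    | where ResultType != "0";         // "0" means a successful sign-in
// Keep only the windows that reach the threshold, then pull back the raw rows.
failures
| summarize FailureCount = count(), DistinctIPs = dcount(IPAddress)
    by UserPrincipalName, Window = bin(TimeGenerated, window)
| where FailureCount >= threshold
| join kind=inner (failures | extend Window = bin(TimeGenerated, window))
    on UserPrincipalName, Window
| project TimeGenerated, UserPrincipalName, IPAddress, Location,
          ResultType, ResultDescription, FailureCount, DistinctIPs
| order by TimeGenerated asc
```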