Aug 13 2020 12:48 AM
Hi
I am looking for a way to run KQL queries over the Sentinel API to query data for different Azure tenants at once across workspaces.
Any tips on how that can be achieved would be great!
Aug 13 2020 05:34 AM
@erlendoyen There is not a way to do this. The Sentinel API does provide filtering features but not the ability to query across workspaces. There is a KQL command called "workspace" to perform this. Take a look at this blog post to get started: https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-cross-workspace-hunting-is-now-avai...
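
An added example, not part of the original reply: a cross-workspace hunting query built on the `workspace()` function mentioned above. The workspace names are constructed placeholders, and the query assumes each workspace collects the `SecurityEvent` table and that the account running it has read access to every workspace referenced.

```kql
// Constructed placeholder workspace names; substitute your own
// workspace name, workspace ID (GUID) or full Azure resource ID.
union
    (workspace("contoso-sentinel-ws").SecurityEvent
        | extend SourceWorkspace = "contoso-sentinel-ws"),
    (workspace("fabrikam-sentinel-ws").SecurityEvent
        | extend SourceWorkspace = "fabrikam-sentinel-ws")
// Filter early so less data is pulled from each workspace.
| where TimeGenerated > ago(1d)
| where EventID == 4625                      // failed Windows logon
// Tag each leg above so results stay attributable to their workspace.
| summarize FailedLogons = count(),
            FirstSeen    = min(TimeGenerated),
            LastSeen     = max(TimeGenerated)
    by SourceWorkspace, Account, Computer
| where FailedLogons > 20                    // constructed threshold, tune per environment
| order by FailedLogons desc
```

Run it from the Logs blade of any one of the referenced workspaces; the `SourceWorkspace` column shows which workspace each row came from.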
Aug 13 2020 09:20 AM