Raw Logs Download (Sentinel)


Hi Team,

Is there any way I can download the raw log from Sentinel? I am investigating an alert from the Sentinel default template "Brute force attack against Azure Portal", which basically has my name, but I want to see how the alert got generated. I know the threshold is "5" by default, but if I can see the logs too then I will be sure that this is how it happened. Still learning Sentinel, so any help would be appreciated :)

4 Replies

@msef280 If you run a query in Logs, you can then export the results to a CSV file or for use in PowerBI. Hope that helps.

Agree with Gary. Trust the tool. :) However, I have a PowerShell script that will download specific tables, if you want to do it that way... https://github.com/rod-trent/SentinelPS

Thanks a lot, guys, for the reply :) So what I am trying to do is see all 5 events of this alert, which I am unable to see. It does tell me that 5 failures happened and that's why the alert got created, but I am not able to see those 5 events. (see screenshot attached)