Azure Sentinel News
Moving Azure Sentinel Data to ADX for Long Term Storage

Azure Sentinel News Editor
March 31, 2021
in SIEM

By Rod Trent and Azure Sentinel News

There’s been a lot of talk recently about how long active data should actually stay in a SIEM, and what to do with it once it’s no longer needed for day-to-day operations.

With Azure Sentinel, you get 90 days of data retention in the Log Analytics workspace (LAW) at no extra charge. Beyond that, retention in the workspace is billed per GB per month, so you’ll want to move older data to cheaper storage. Fortunately, Azure Data Explorer (ADX) has come along: it provides cheaper storage and lets you query that data with the same Kusto Query Language (KQL) you already use in Sentinel, so you can effectively query current data (in the LAW) and old data (in ADX) together in a single cross-resource query. The export itself uses the Log Analytics data export feature, which continuously streams the selected tables to a storage account or event hub that ADX then ingests from; the resources below walk through that setup. It’s important to understand, though, that the LAW is required for Azure Sentinel’s automated data analysis (i.e., Analytics Rules). You can’t run Analytics Rules against ADX, so anything a detection needs to see has to stay in the workspace for the detection’s lookback window; ADX covers long-term hunting, investigation, and retention.

So, there are some awesome resources around this data export to ADX that I want to call out, because they seem to be getting lost in the noise somewhere. Plus, I want to highlight an awesome new(er) PowerShell script from my good buddy Sreedhar Ande. Sreedhar’s PowerShell script really is a timesaver for sending the data to long-term storage.

Here are the resources:

  • HOWTO: Configure Azure Sentinel data export for long-term storage: https://www.linkedin.com/pulse/howto-configure-azure-sentinel-data-export-long-term-storage-lauren/
  • The benefits of Using Azure Data Explorer for long term retention of Azure Sentinel logs: https://techcommunity.microsoft.com/t5/azure-sentinel/using-azure-data-explorer-for-long-term-retention-of-azure/ba-p/1883947
  • Playbook method – Move Your Azure Sentinel Logs to Long-Term Storage with Ease: https://techcommunity.microsoft.com/t5/azure-sentinel/move-your-azure-sentinel-logs-to-long-term-storage-with-ease/ba-p/1407153
  • Sreedhar’s PowerShell script – Azure Log Analytics Log Management using Azure Data Explorer: https://github.com/sreedharande/AzureDataExplore
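As an added example (this is not from the post above and not part of Sreedhar’s script), here is what querying the hot tier (LAW) and the cold tier (ADX) together looks like in KQL, run from the Log Analytics side with the adx() cross-resource function. The cluster URL, the SentinelArchive database name, the account name and the Tier label are placeholders, and the ADX table is assumed to have kept the same SecurityEvent schema as the workspace table when it was exported. This works in a hunting query or a workbook; it will not work inside an Analytics Rule, which only sees the workspace.

```kusto
// Added example, not from the original post. Placeholders: cluster URL,
// database name, target account. Assumes the exported ADX table keeps the
// Log Analytics SecurityEvent schema (TimeGenerated, EventID, Account, ...).
let cutoff = ago(90d);                          // what Sentinel still holds for free
let targetAccount = "contoso\\svc-backup";      // the identity being traced (placeholder)
// Hot tier: the last 90 days straight from the workspace.
let hot = SecurityEvent
    | where TimeGenerated >= cutoff
    | where EventID == 4624 and Account =~ targetAccount
    | project TimeGenerated, Computer, Account, LogonType, IpAddress, Tier = "LAW";
// Cold tier: the same table as exported to ADX. The export is continuous, so ADX
// also holds the recent 90 days; bounding it at the same cutoff avoids double counting.
let cold = adx('https://sentinel-archive.westeurope.kusto.windows.net/SentinelArchive').SecurityEvent
    | where TimeGenerated between (ago(365d) .. cutoff)
    | where EventID == 4624 and Account =~ targetAccount
    | project TimeGenerated, Computer, Account, LogonType, IpAddress, Tier = "ADX";
// One result set spanning a full year of successful logons for the account,
// with Tier showing which store each row came from.
union hot, cold
| summarize Logons = count(), FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated)
    by Computer, LogonType, IpAddress, Tier
| order by FirstSeen asc
```

The same cutoff is used on both sides on purpose: if you ever lengthen workspace retention, change only `cutoff` and the two halves stay disjoint. If a detection needs more than the workspace lookback, the fix is to extend LAW retention for that table, not to point the rule at ADX.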

Source : https://azurecloudai.blog/2021/03/26/moving-azure-sentinel-data-to-adx-for-long-term-storage/

Copyright © 2020 - Azure Sentinel News