How to Monitor Your ADX versus LAW Usage in Azure Sentinel

The Azure Sentinel community is absolutely the best! If you haven’t seen this yet, you should jump into your Workbooks blade in Azure Sentinel and locate a new, community-gifted Workbook called “ADXvsLA”, or Azure Data Explorer versus Log Analytics.

ADXvsLA Workbook

To help maximize value and make data storage more cost-efficient, you can create processes to export Azure Sentinel data to long-term storage after the 90-day free retention period is up. This will get easier in the future, but for now see the following for ways to accomplish this: Moving Azure Sentinel Data to ADX for Long Term Storage.

For those using ADX as a long-term storage solution, this new Workbook is intended to help you get a better understanding of the data that is being retained in both solutions.

The description reads:

This workbook shows the tables from Azure Sentinel which are backed up in ADX. It also provides a comparison between the entries in the Azure Sentinel tables and the ADX tables. Lastly, some general information about the queries and ingestion on ADX is shown.

Take a look. Let me know what you think.

