Today I’d like to talk about using Microsoft Sentinel and address a common question many teams have when they start working with the Sentinel SIEM/SOAR solution. This is Part 1 of “How do I create incidents to test with?”
Let’s take a look at setting a daily data ingestion cap on an Azure Log Analytics workspace. There are several reasons we may want to limit the data flowing into a workspace, cost control being the usual one, but a cap is a blunt instrument: once it is reached, data sent for the rest of that day is dropped, not queued. So today we look at both setting the cap and using Azure Monitor alerting to tell us when it has been reached.
A Log Analytics workspace is an environment built specifically for storing log data, whether that is Azure Monitor data or other diagnostic logs. We’ll cover a few different uses for Log Analytics data in this article and how to get data into your workspace. Keep in mind that each workspace has its own data repository, configuration, and data sources. Join me as I take a look at deploying a Log Analytics workspace today!
Log Analytics workspaces give us a single place to store log data from many sources, such as Microsoft Defender for Cloud, Azure Monitor, and much more. A workspace typically combines data from several services and has its own retention configuration. I get a lot of questions about the differences between workspaces within the Log Analytics scope and why we would use more than one. Let’s take a look today at Microsoft Azure Log Analytics workspaces.
Today we look at configuring a custom retention period for the AzureActivity and Usage tables in a Log Analytics workspace. Per-table retention lets us keep each table for exactly as long as it is needed instead of inheriting the workspace-wide default.
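The two workspace settings described in the teasers above, the daily ingestion cap with its alert and the per-table retention for AzureActivity and Usage, as one added Azure CLI example. This is not code from the original posts: the resource group, workspace name, alert name and the 180/365-day values are placeholders, and the `_LogOperation` filter used for the alert is an assumption to confirm against your own workspace before relying on it.

```shell
#!/bin/sh
# Added example, not code from the original posts: cap daily ingestion on a
# Log Analytics workspace, alert when the cap trips, and set per-table
# retention for AzureActivity and Usage. Resource names are hypothetical.
set -eu

RG="${RG:-rg-loganalytics-demo}"        # hypothetical resource group
WS="${WS:-law-demo}"                    # hypothetical workspace name
CAP_GB="${CAP_GB:-5}"                   # GB per day; -1 removes the cap
ACTION_GROUP_ID="${ACTION_GROUP_ID:-}"  # optional: who gets notified on cap hit

# Every az call goes through run(). With AZ_DRY_RUN=1 the command is printed
# instead of executed, so the change can be reviewed before it touches a
# production workspace.
run() {
  if [ "${AZ_DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Full resource ID of the workspace (the scope for the alert rule). In dry-run
# mode a placeholder subscription is used so nothing is looked up.
workspace_id() {
  if [ "${AZ_DRY_RUN:-0}" = "1" ]; then
    printf '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/%s/providers/Microsoft.OperationalInsights/workspaces/%s\n' "$RG" "$WS"
  else
    az monitor log-analytics workspace show \
      --resource-group "$RG" --workspace-name "$WS" --query id -o tsv
  fi
}

# KQL for the alert. Assumption: this _LogOperation filter matches the
# "Data collection" warning written when the cap is reached; confirm it
# against your own workspace before relying on it.
OVER_CAP_KQL='_LogOperation
| where Category =~ "Ingestion"
| where Operation has "Data collection"
| where Level == "Warning"'

# 1. Daily cap. Data arriving after the cap is hit is dropped for the rest of
#    that day, so never set a cap without the alert below.
set_daily_cap() {
  run az monitor log-analytics workspace update \
    --resource-group "$RG" --workspace-name "$WS" --quota "$CAP_GB"
}

# 2. Scheduled-query alert scoped to the workspace: evaluated hourly over a
#    one-hour window, fires when at least one matching row exists.
create_cap_alert() {
  ws_id=$(workspace_id)
  set -- az monitor scheduled-query create \
    --name "${WS}-daily-cap-reached" --resource-group "$RG" --scopes "$ws_id" \
    --condition "count 'OverCap' > 0" --condition-query OverCap="$OVER_CAP_KQL" \
    --evaluation-frequency 1h --window-size 1h --severity 2 \
    --description "Log Analytics daily cap reached on $WS"
  if [ -n "$ACTION_GROUP_ID" ]; then
    set -- "$@" --action-groups "$ACTION_GROUP_ID"
  fi
  run "$@"
}

# 3. Per-table retention: $1 = interactive retention days, $2 = total retention
#    days (interactive plus long-term). The 180/365 defaults are sample values.
set_table_retention() {
  for table in AzureActivity Usage; do
    run az monitor log-analytics workspace table update \
      --resource-group "$RG" --workspace-name "$WS" --name "$table" \
      --retention-time "${1:-180}" --total-retention-time "${2:-365}"
  done
}

main() {
  set_daily_cap
  create_cap_alert
  set_table_retention 180 365
}

# Only act when told to: ./law-limits.sh apply (prefix AZ_DRY_RUN=1 to preview).
if [ "${1:-}" = "apply" ]; then
  main
fi
```

Run `AZ_DRY_RUN=1 sh law-limits.sh apply` first to print the exact `az` commands, then drop the variable to execute them. Populate `ACTION_GROUP_ID`: without an action group the rule still fires but nobody is told, and a tripped cap means every log source pointed at the workspace, security telemetry included, is being discarded until the cap resets.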
A summary update on Azure news that includes updates released from Microsoft Azure related to Azure, Architecture, Compute, and Sentinel topics. Save time digging around to find recent releases and changes. Released March 13th. Great updates and sunny days on the way!
Join me for a start-to-finish Azure CLI walk-through of creating resources for testing or for a demonstration in Azure. I create a Debian VM and a Windows Server VM in about five minutes, then we clean everything up when we’re done. Let’s build some Azure resources together and see just how easy and fast this really is!