New Blog | How to use Log Analytics log data exported to Storage Accounts
By Simone Oor
Introduction
Exporting your logs from Sentinel or Log Analytics to Azure storage account blobs gives you low-cost long-term retention, as well as benefits such as immutability for legal hold, and geographical redundancy.
But in the event of an incident, or perhaps a legal case, you may need the data archived away in those storage account blobs to help the investigation.
How do you go about retrieving and analyzing that data? This blog will answer exactly that question. Hint: it does involve an Azure Data Explorer cluster. I will also briefly explain how data ends up in those blobs in the first place.
Read the full post here: How to use Log Analytics log data exported to Storage Accounts