Add Azure Log Analytics Connection #44
Comments
|
+1 on this. This is a great little tool and I have been using it for Kusto Detective Agency! We ingest logs at work into LA/Sentinel and I'd love to be able to query those without opening up sentinel sometimes. You can technically add AI/LA workspaces to azure data explorer.. but our environment we can't create those clusters. For Kusto Detective Agency I it seems like you should be able to also connect to these sources/clusters directly. Query data in Azure Monitor using Azure Data Explorer explains how you can connect to a LA workspace which likely works - it's basically this URL: https://ade.loganalytics.io/subscriptions//resourcegroups//providers/microsoft.operationalinsights/workspaces/ everything after https://ade.loganalytics.io is just the resource ID of the Log Analytics workspace. It seems like this would be possible. I tried but there's clearly some error checking going on here that's being triggered |
|
+1. I wanted to bump this due to how prevalent Sentinel/LAW has become over the past several years. Having the ability to query Sentinel data would be an extremely positive benefit to the MANY security teams that rely on Sentinel in daily operations. Thank you @DonJayamanne for this extension, it has become a staple for querying data in ADX. |
Issue Type: Feature Request
Would be awesome if we could create an azure sentinel log analytics workspace connection.
The text was updated successfully, but these errors were encountered: