Configure data export from Azure Sentinel to an Azure Storage account

Introduction

Exporting data in a Log Analytics workspace allows you to continuously send data from chosen tables to either an Azure Storage Account or Azure Event Hubs. This feature sends data directly to an Azure Monitor pipeline as it arrives.
This article offers a breakdown of this capability and instructions on setting up data export to an Azure Storage account in your workspaces.

How the Log Analytics workspace works with Azure Sentinel

Data ingested into Azure Sentinel initially flows through a Log Analytics workspace, which serves as a central repository for data collection and storage.
This workspace acts as the starting point for all incoming data, whether it originates from on-premises sources, cloud services, or third-party solutions.
By channeling data through the Log Analytics workspace, organizations can streamline the process of data aggregation and management.

Moreover, organizations can utilize the Log Analytics workspace to export data to Azure Storage for further analysis and long-term storage.
This export functionality enables seamless integration with Azure Storage, allowing users to store data securely and efficiently.

Purpose of exporting data to an Azure Storage account

By configuring data export settings within the Log Analytics workspace, organizations can ensure that relevant data is sent to Azure Storage for archival purposes,
compliance requirements, or additional analysis using other Azure services. This capability enhances the versatility and scalability of the Log Analytics workspace,
empowering organizations to leverage their data effectively for various purposes. It is also a cost-effective way to store historical data.

Steps to configure data export to Azure Storage

  • Navigate to Log Analytics Workspace: From the Azure Portal’s navigation menu, locate and select “Log Analytics workspaces”.
  • Select your Workspace: Choose the Log Analytics workspace associated with your Azure Sentinel deployment.
  • Navigate to Data Export: Within the Log Analytics workspace, locate and select the “Data Export” option. This is usually found in the settings menu.
  • New Export Rule: Within Data Export, click “New export rule” to create a new rule.
  • Under Basic section: Provide a name for the data export rule.
  • Under Source section: Select the tables whose data you want to export to the storage account.
  • Under Destination section: Provide the destination details, such as the Subscription name and the Storage account name to which you want to export data.
  • Review + Create: In the “Review + create” section, select “Create”.
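
The same export rule can also be created from the Azure CLI instead of the portal. The script below is an added example, not part of the original article; the resource group, workspace, rule, table and storage account names and the subscription ID are constructed placeholders, and the resource ID check is an extra safeguard added for illustration.

```shell
#!/bin/sh
# Added example: Azure CLI equivalent of the portal steps above.
# Every name and ID below is a constructed placeholder; replace with your own.
set -eu

RESOURCE_GROUP="rg-sentinel-example"
WORKSPACE="law-sentinel-example"     # workspace behind your Sentinel deployment
RULE_NAME="export-to-storage"
TABLES="SecurityEvent Heartbeat"     # tables to export, space separated
STORAGE_ID="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sentinel-example/providers/Microsoft.Storage/storageAccounts/stsentinelexample"

# Succeeds only for a well-formed storage account resource ID, so a typo or an
# ID of another resource type is caught before the rule is created.
is_storage_account_id() {
  printf '%s\n' "$1" | grep -Eq \
    '^/subscriptions/[0-9a-fA-F-]{36}/resourceGroups/[^/]+/providers/Microsoft\.Storage/storageAccounts/[a-z0-9]{3,24}$'
}

create_export_rule() {
  if ! is_storage_account_id "$STORAGE_ID"; then
    echo "Destination is not a storage account resource ID: $STORAGE_ID" >&2
    return 1
  fi
  # Basic + Source + Destination + Create, in one call.
  # TABLES is left unquoted on purpose so each table becomes its own argument.
  az monitor log-analytics workspace data-export create \
    --resource-group "$RESOURCE_GROUP" \
    --workspace-name "$WORKSPACE" \
    --name "$RULE_NAME" \
    --tables $TABLES \
    --destination "$STORAGE_ID" \
    --enable true
  # Read the rule back to confirm the tables and destination that were saved.
  az monitor log-analytics workspace data-export show \
    --resource-group "$RESOURCE_GROUP" \
    --workspace-name "$WORKSPACE" \
    --name "$RULE_NAME"
}

# Nothing is changed unless the script is called with "apply".
if [ "${1:-}" = "apply" ]; then
  create_export_rule
fi
```

Run it as `sh export-rule.sh apply` (the file name is arbitrary) after `az login`, using an account that has write access to both the workspace and the storage account.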

Conclusion

Once you’ve followed the outlined steps, you’ll be able to seamlessly set up your Log Analytics Workspace to transmit historical log data from Azure Sentinel to Azure Storage.


I’m Sujit

Welcome to SecureBytes, my cozy corner of the internet where we explore the wonders of the online world. Join me on a journey of discovery, knowledge, and shared interests. Let’s navigate this digital realm together with curiosity and excitement. Ready to embark on this adventure? Let’s go!
