Export and Import Saved Queries and Functions from one Sentinel Workspace to Another

Tshabalala, Sifiso S 20 Reputation points
2024-02-02T11:59:22.0733333+00:00

What are the ways to export and import Saved Queries and Functions from one Sentinel workspace to another? The only reference I have is this one: https://techcommunity.microsoft.com/t5/microsoft-sentinel/export-and-import-saved-queries-and-functions-from-one-sentinel/m-p/1910930


Accepted answer
  1. Clive Watson 5,711 Reputation points MVP
    2024-02-05T10:34:53.07+00:00

    Have you considered Query packs? Depending on your use case these can be handy, especially if you don't need to do it programmatically or at large scale (e.g. good to copy from one to another, but if you need to copy to 100s of workspaces you may choose the API route).

    https://learn.microsoft.com/en-us/azure/azure-monitor/logs/query-packs
    Often overlooked in the UI.

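The "API route" mentioned in the answer above, as an added example that is not part of the original thread: it assumes the Azure Resource Manager `savedSearches` endpoint for Log Analytics workspaces (api-version `2020-08-01`) and turns a list response exported from the source workspace into one PUT request per saved query or function per target workspace. The sample export, subscription ids and workspace names are constructed placeholders, and sending the requests with an ARM bearer token is left to the caller.

```python
ARM = "https://management.azure.com"
API_VERSION = "2020-08-01"  # assumption: confirm against the current REST reference
# Writable properties to carry over; id and etag belong to the source workspace.
COPY_PROPS = ("category", "displayName", "query", "version",
              "functionAlias", "functionParameters", "tags")
REQUIRED = ("category", "displayName", "query")

# Constructed sample shaped like a savedSearches list response from the source workspace.
SAMPLE_EXPORT = {"value": [
    {"id": "/subscriptions/SRC-SUB/resourceGroups/rg-src/providers/"
           "Microsoft.OperationalInsights/workspaces/ws-src/savedSearches/failed-logons",
     "etag": 'W/"constructed"',
     "properties": {"category": "Hunting", "displayName": "Failed logons",
                    "query": "SecurityEvent | where EventID == 4625", "version": 2}},
    {"id": "/subscriptions/SRC-SUB/resourceGroups/rg-src/providers/"
           "Microsoft.OperationalInsights/workspaces/ws-src/savedSearches/fn-privileged",
     "etag": 'W/"constructed"',
     "properties": {"category": "Functions", "displayName": "PrivilegedLogons",
                    "query": "SecurityEvent | where EventID == 4672 | distinct Account",
                    "functionAlias": "PrivilegedLogons", "version": 2}},
]}


def plan_import(export, targets, functions_only=False):
    """Build one (method, url, body) request per saved search per target workspace.

    targets: iterable of (subscription, resource_group, workspace) tuples.
    """
    plan = []
    for item in export.get("value", []):
        props = item.get("properties", {})
        missing = [k for k in REQUIRED if not props.get(k)]
        if missing:  # fail before anything is written to a target workspace
            raise ValueError(f"{item.get('id')}: missing {missing}")
        if functions_only and not props.get("functionAlias"):
            continue
        search_id = item["id"].rsplit("/", 1)[-1]  # keep the same id in every target
        body = {"properties": {k: props[k] for k in COPY_PROPS if k in props}}
        for sub, rg, ws in targets:
            url = (f"{ARM}/subscriptions/{sub}/resourceGroups/{rg}/providers/"
                   f"Microsoft.OperationalInsights/workspaces/{ws}"
                   f"/savedSearches/{search_id}?api-version={API_VERSION}")
            plan.append(("PUT", url, body))
    return plan


if __name__ == "__main__":
    for method, url, body in plan_import(SAMPLE_EXPORT, [("DST-SUB", "rg-dst", "ws-dst")]):
        print(method, url, body["properties"]["displayName"])
```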
