Snapshot not working for continuous export of Defender for Cloud

Bram 0 Reputation points
2024-04-04T12:50:53.2666667+00:00

Hi,

I have set up a continuous export for Defender for Cloud, as described in the following documentation, to export all possible data to a Log Analytics workspace using streaming updates and snapshots. https://learn.microsoft.com/en-us/azure/defender-for-cloud/continuous-export?tabs=azure-portal

The streaming updates seem to work because there is a bit of data in the Log Analytics workspace about changes from the past week. But the snapshot doesn't seem to be working because it has been 8 days and there is no data for the things that I would expect to be in the export, like the data for the things that haven't changed in the past 8 days since configuring the export. I have also checked that the time range of my queries in the Log Analytics workspace was not limited by 12 hours.

1 answer

  1. Andrew Blumhardt 9,496 Reputation points Microsoft Employee
    2024-04-08T21:45:51.2266667+00:00

    Try running these KQL queries:

    SecureScores
    | where TimeGenerated > ago(30d)
    | summarize count() by IsSnapshot
    
    SecurityRecommendation
    | where TimeGenerated > ago(30d)
    | summarize count() by IsSnapshot