how to use data transformation on the SecurityEvent table in Sentinel to drop events
David Broggy
5,716
Reputation points MVP
Hi there,
I'd like to use a data transformation to filter some events entering Sentinel.
The test I'm doing is with the SecurityEvent table.
I added this transformation:
source| where EventID <> 4688
However after waiting an hour I'm still seeing 4688 events in the SecurityEvent table.
Can someone tell me if this works or if I'm doing something wrong?
Thanks!
Sign in to answer