Manage data storage and query audit logs in Microsoft Sentinel

Intermediate
Security Engineer
Microsoft Sentinel
Microsoft Defender XDR
Azure Log Analytics
Azure Monitor
Microsoft Purview

Manage data storage in Microsoft Sentinel by creating custom log tables, configuring retention tiers and archive policies, and integrating Microsoft Purview Audit. Create tables for nonstandard data sources, apply Analytics and Archive retention tiers to meet compliance requirements, and query Purview Audit logs in the Microsoft Defender XDR portal.

Learning objectives

After completing this module, you'll be able to:

  • Create custom log tables in a Microsoft Sentinel workspace to store nonstandard ingested data
  • Configure data retention tiers and archive policies for Microsoft Sentinel tables
  • Connect Microsoft Purview Audit as a data source in Microsoft Sentinel
  • Query Purview Audit logs in the Microsoft Defender XDR portal
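The first two objectives come down to one configuration object: a custom table definition with an Analytics (interactive) retention period and a longer total retention period, the difference being the archive tier. The Python below is an added example, not code from this module or from Microsoft; it builds and validates the request body for the Log Analytics Tables REST API (PUT on a workspace's `tables/{name}` resource, api-version 2022-10-01) without sending it. The table name, column schema, subscription, resource group and workspace IDs are constructed placeholders, and the retention limits encoded as checks are the Analytics-plan limits (4 to 730 days interactive, up to 4383 days total).

```python
"""Build and validate a Microsoft Sentinel / Log Analytics custom table
definition with Analytics (interactive) and archive (long-term) retention.

Added example, not code from the Microsoft Learn module. It only builds and
checks the request body for the Log Analytics Tables REST API and does not
send it; subscription, resource group and workspace names are placeholders.
"""
import json
import re

# Column types accepted for custom tables created through the Tables API.
ALLOWED_TYPES = {"string", "int", "long", "real", "boolean",
                 "datetime", "guid", "dynamic"}

# Analytics-plan retention limits in days: interactive retention
# (retentionInDays) is 4-730; total retention including the archive
# period (totalRetentionInDays) can extend to 12 years (4383 days).
MIN_INTERACTIVE, MAX_INTERACTIVE, MAX_TOTAL = 4, 730, 4383


def build_custom_table(name, columns, retention_days, total_retention_days):
    """Return the Tables API request body for an Analytics-plan custom table.

    name:                 custom table name; must end with _CL.
    columns:              dict of column name -> type; needs TimeGenerated:datetime.
    retention_days:       interactive (Analytics tier) retention.
    total_retention_days: interactive + archive; archive = total - interactive.
    Raises ValueError on anything the service would reject.
    """
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*_CL", name):
        raise ValueError(f"custom table name must end with _CL: {name}")
    if columns.get("TimeGenerated") != "datetime":
        raise ValueError("table needs a TimeGenerated column of type datetime")
    bad = {c: t for c, t in columns.items() if t not in ALLOWED_TYPES}
    if bad:
        raise ValueError(f"unsupported column types: {bad}")
    if not MIN_INTERACTIVE <= retention_days <= MAX_INTERACTIVE:
        raise ValueError(
            f"interactive retention must be {MIN_INTERACTIVE}-{MAX_INTERACTIVE} days")
    if not retention_days <= total_retention_days <= MAX_TOTAL:
        raise ValueError(
            f"total retention must be between interactive retention and {MAX_TOTAL} days")
    return {
        "properties": {
            "plan": "Analytics",
            "retentionInDays": retention_days,
            "totalRetentionInDays": total_retention_days,
            "schema": {
                "name": name,
                "columns": [{"name": c, "type": t} for c, t in columns.items()],
            },
        }
    }


def archive_days(body):
    """Days a record spends in the archive tier after interactive retention ends."""
    p = body["properties"]
    return p["totalRetentionInDays"] - p["retentionInDays"]


def table_url(subscription_id, resource_group, workspace, table_name):
    """ARM URL the body is PUT to (placeholder IDs; api-version 2022-10-01)."""
    return (
        "https://management.azure.com/subscriptions/"
        f"{subscription_id}/resourceGroups/{resource_group}/providers/"
        f"Microsoft.OperationalInsights/workspaces/{workspace}/tables/"
        f"{table_name}?api-version=2022-10-01"
    )


if __name__ == "__main__":
    # Constructed example: a firewall appliance with no built-in connector,
    # kept 90 days interactive and 365 days in total (275 days in archive).
    schema = {"TimeGenerated": "datetime", "SourceIp": "string",
              "DestIp": "string", "Action": "string", "Bytes": "long",
              "RawEvent": "dynamic"}
    body = build_custom_table("FirewallAppliance_CL", schema, 90, 365)
    print(table_url("00000000-0000-0000-0000-000000000000", "rg-sentinel",
                    "law-sentinel", "FirewallAppliance_CL"))
    print(json.dumps(body, indent=2))
    print("archive days:", archive_days(body))
```

The checks encode the rejections you would otherwise only see at PUT time: a name without the `_CL` suffix, a schema without a `datetime` `TimeGenerated` column, or a total retention shorter than the interactive retention. Sending the body with an ARM bearer token (for example via `az rest --method put`) is left out because it needs a real workspace.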

Prerequisites

  • Experience setting up a Microsoft Sentinel workspace and connecting data sources
  • Familiarity with Log Analytics workspaces and data collection rules (DCRs)
  • Basic understanding of Microsoft Purview and Microsoft Purview Audit concepts