
Task 1.3: Configure Microsoft Sentinel to export data into the Storage account

In this task, you’ll set up Microsoft Sentinel to export data into the storage account for long-term retention and improved security, and to allow integration with other Azure services, which improves data analytics and workflows.

The following document may help you complete this task.


  1. In the Azure search box, enter Log Analytics workspaces, and then select Log Analytics workspaces from the results.

  2. On the Log Analytics workspace page, select + Create.

  3. On the Create Log Analytics workspaces page, complete the fields using the following table, then select Review + Create:

    | Field | Value |
    |---|---|
    | Subscription | Default: @lab.CloudSubscription.Name |
    | Resource Group | @lab.CloudResourceGroup(RG1).Name |
    | Name | loganalytics-workspace |
    | Region | @lab.CloudResourceGroup(RG1).Location |

  4. Once the validation has passed, select Create.

  5. Once the deployment has completed and you get a notification, select Go to resource.

  6. On the loganalytics-workspace page, on the loganalytics-workspace menu, under Settings, select Data export.

  7. On the Data export page, select + New export rule.

  8. On the Create export rule page, on the Basics tab, enter the rule name exporttostorage, then select Next.

  9. On the Source tab, select the Table name checkbox to select all the entries in the list.

    This list represents the data points you’d like to export.

  10. Select Next.

  11. On the Destination tab, complete the fields using the table below and then select Next:

    | Field | Value |
    |---|---|
    | Destination type | Storage account |
    | Subscription | @lab.CloudSubscription.Name |
    | Storage account | genstor* |

  12. Select Create to create the export rule.
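
The portal steps above can also be scripted with the Azure CLI, which makes the rule repeatable and easy to read back for verification. This is an added example, not part of the original lab: the helper function names and the `RG`/`LOCATION` placeholders are assumptions, and with `DRY_RUN=1` (the default) the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: CLI equivalent of portal steps 1-12 (not from the original lab).
RG="${RG:-<resource-group>}"        # placeholder (assumption): lab resource group RG1
LOCATION="${LOCATION:-<region>}"    # placeholder (assumption): region of RG1
WORKSPACE="loganalytics-workspace"  # workspace name from step 3
RULE="exporttostorage"              # export rule name from step 8
DRY_RUN="${DRY_RUN:-1}"             # 1 = print commands only, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Succeeds only for a storage account resource ID (destination type in step 11).
# Sub-resources such as .../blobServices/default are rejected.
is_storage_account_id() {
  case "$1" in
    */storageAccounts/*/*) return 1 ;;
    /subscriptions/*/providers/Microsoft.Storage/storageAccounts/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Steps 1-5: create the Log Analytics workspace.
create_workspace() {
  run az monitor log-analytics workspace create \
    --resource-group "$RG" --workspace-name "$WORKSPACE" --location "$LOCATION"
}

# Steps 6-12: $1 = storage account resource ID, remaining args = tables to export.
create_export_rule() {
  dest="$1"; shift
  is_storage_account_id "$dest" || { echo "destination is not a storage account ID" >&2; return 2; }
  [ "$#" -gt 0 ] || { echo "no tables selected" >&2; return 3; }
  run az monitor log-analytics workspace data-export create \
    --resource-group "$RG" --workspace-name "$WORKSPACE" --name "$RULE" \
    --destination "$dest" --enable true --tables "$@"
}

# Read the rule back to confirm its destination and table list after creation.
show_export_rule() {
  run az monitor log-analytics workspace data-export show \
    --resource-group "$RG" --workspace-name "$WORKSPACE" --name "$RULE"
}
```

The storage account resource ID passed to `create_export_rule` can be read with `az storage account show --query id -o tsv` once the full account name is known.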