Which tables can I send to the Sentinel data lake?
Is the Data Lake layer based on the same mechanism as archived logs stored long-term in a Log Analytics workspace?
Also, is it more cost-effective to store logs in the Data Lake layer?
If there are advantages in terms of long-term retention and lower cost, I’d like to consider proposing it to our customers.
Does this mean that I still need ADX if I want to keep DeviceTvmCertificateInfo data beyond the analytics tier retention period?
Steve - I used this a while back to send them to Sentinel (Log Analytics) with this https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/M365Defender-VulnerabilityManagement