Is there a way to run a KQL query that uses Sentinel data tables using the Sentinel Plugin, or is there a way that someone is querying log data, for example to get authentication log data for a specific user from a set of IPs?
I do not believe the Sentinel plugin can do this, but we have another plugin that might be able to:
I think on the backend all the logs are stored and fetched using the same API.
Sweet. I will check it out and see if that works. Thank you!