articles/sentinel/whats-new.md
31 additions & 0 deletions
@@ -31,6 +31,8 @@ If you're looking for items older than six months, you'll find them in the [Arch
31
31
32
32
-[View Azure Purview data in Microsoft Sentinel](#view-azure-purview-data-in-microsoft-sentinel-public-preview)
33
33
-[Manually run playbooks based on the incident trigger (Public preview)](#manually-run-playbooks-based-on-the-incident-trigger-public-preview)
34
+
-[Search across long time spans in large datasets (public preview)](#search-across-long-time-spans-in-large-datasets-public-preview)
35
+
-[Restore archived logs from search (public preview)](#restore-archived-logs-from-search-public-preview)
34
36
35
37
### View Azure Purview data in Microsoft Sentinel (Public Preview)
36
38
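Review bot: the two new TOC entries label the features "(public preview)" in lowercase, while the neighbouring entries and the existing `### View Azure Purview data in Microsoft Sentinel (Public Preview)` heading in this same hunk use "(Public preview)" / "(Public Preview)"; pick one casing for the whole page. The anchors themselves, `#search-across-long-time-spans-in-large-datasets-public-preview` and `#restore-archived-logs-from-search-public-preview`, do match the slugs of the headings added in the second hunk, so only the visible label text needs aligning.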
@@ -50,6 +52,35 @@ For these and other reasons, Microsoft Sentinel now allows you to [**run playboo
50
52
51
53
Learn more about [running incident-trigger playbooks manually](tutorial-respond-threats-playbook.md#run-a-playbook-manually-on-an-incident).
52
54
55
+
### Search across long time spans in large datasets (public preview)
56
+
57
+
Use a search job when you start an investigation to find specific events in logs within a given time frame. You can search all your logs, filter through them, and look for events that match your criteria.
58
+
59
+
Search jobs are asynchronous queries that fetch records. The results are returned to a search table that's created in your Log Analytics workspace after you start the search job. The search job uses parallel processing to run the search across long time spans, in extremely large datasets. So search jobs don't impact the workspace's performance or availability.
60
+
61
+
Use search to find events in any of the following log types:
You can also search analytics or basic log data stored in [archived logs (preview)](../azure-monitor/logs/data-retention-archive.md).
67
+
68
+
For more information, see:
69
+
70
+
-[Start an investigation by searching large datasets (preview)](investigate-large-datasets.md)
71
+
-[Search across long time spans in large datasets (preview)](search-jobs.md)
72
+
73
+
For information about billing for basic logs or log data stored in archived logs, see [Plan costs for Microsoft Sentinel](billing.md#understand-the-full-billing-model-for-microsoft-sentinel).
74
+
75
+
### Restore archived logs from search (public preview)
76
+
77
+
When you need to do a full investigation on data stored in archived logs, restore a table from the **Search** page in Microsoft Sentinel. Specify a target table and time range for the data you want to restore. Within a few minutes, the log data is restored and available within the Log Analytics workspace. Then you can use the data in high-performance queries that support full KQL.
78
+
79
+
For more information, see:
80
+
81
+
-[Start an investigation by searching large datasets (preview)](investigate-large-datasets.md)
82
+
-[Restore archived logs from search (preview)](restore.md)
83
+
53
84
## January 2022
54
85
55
86
-[Support for MITRE ATT&CK techniques (Public preview)](#support-for-mitre-attck-techniques-public-preview)
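Review bot: in the search-jobs paragraph, "So search jobs don't impact the workspace's performance or availability." is presented as a consequence of the preceding sentence about parallel processing, which does not establish it; what isolates the workspace is that the job runs asynchronously and writes into its own search table, both stated two sentences earlier. Suggest rewording to "Because search jobs run asynchronously and return results to a separate search table, they don't impact the workspace's performance or availability." Two smaller points: the "Restore archived logs from search" section operates on "data stored in archived logs" but has no cost pointer, whereas the search section ends with "For information about billing for basic logs or log data stored in archived logs, see [Plan costs for Microsoft Sentinel](billing.md#understand-the-full-billing-model-for-microsoft-sentinel)."; repeat or relocate that sentence so readers of the restore section also see it. And both new `###` headings use "(public preview)" while the existing headings in this file use "(Public Preview)"; align the casing with the rest of the page.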