I do have to correct myself here so when I talked about ADX not supporting custom log sources that’s not entirely true, so if you use Data Export (in public preview) to Azure Data Explorer this won’t allow custom tables support (yet) If you send Data to Azure Sentinel AND Azure Data Explorer in parallel then this DOES support custom tables, just be mindful of data duplication and again costs for ADX , any further questions please don’t hesitate to drop a comment :)

Thanks for the video.. It was very informative... I just want to know if we use Azure Blob storage for data retention you said we cant use KQL queries.. but can we connect Blob storage to sentinel using data connector and run KQL on that data..? Thanks in advance..

Please come up with "how to crack Sentinel interview?"