Microsoft SC-200: Using the externaldata() Function to Access Azure Blob Data

Using the externaldata() Function for Dynamic List Lookups

Question

The externaldata() function can be used to access data stored in an Azure Blob to look up a dynamic list.

Answers

Explanations


A. B.

Correct Answer: A.

Option A is correct.

The externaldata operator returns a table whose schema is defined in the query itself, and whose data is read from an external storage artifact, such as a blob in Azure Blob Storage or a file in Azure Data Lake Storage.


The answer is A. True.

The externaldata() function is a feature of Azure Sentinel that allows you to query external data sources, including Azure Blobs, for use in log queries. This function can be used to look up dynamic lists, which are lists of values used in rules to identify specific events.

By using external data, you can keep your dynamic lists up to date without having to manually update them. For example, if you have a list of IP addresses that are known to be malicious, you can store this list in an Azure Blob and then use the externaldata() function in your log queries to retrieve the list and compare it to incoming log data.

To use the externaldata() function with an Azure Blob, you'll need to specify the path to the Blob container, the name of the Blob file, and the format of the data (such as CSV or JSON). You can also use parameters to filter the data returned by the function.
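The malicious-IP lookup described above, written as a KQL query. This is an added example, not part of the original question or explanation. The storage account, container, blob name (`malicious-ips.csv`), SAS token, and the `IPAddress`/`Description` column layout are placeholders and assumptions, and `CommonSecurityLog` is used only as a sample log table.

```kql
// Added example: storage URL, SAS token, blob name and column layout are placeholders/assumptions.
// The schema of the returned table is declared in the query itself.
let MaliciousIPs =
    externaldata (IPAddress: string, Description: string)
    [
        // h@ marks the string as obfuscated so the SAS token is not written to query telemetry.
        h@"https://<storage-account>.blob.core.windows.net/<container>/malicious-ips.csv?<SAS-token>"
    ]
    with (format = "csv", ignoreFirstRecord = true)   // skip the CSV header row
    | where isnotempty(IPAddress)
    | distinct IPAddress, Description;
// Compare incoming log data against the externally hosted list.
CommonSecurityLog
| where TimeGenerated > ago(1d)
| where isnotempty(SourceIP)
| join kind=inner (MaliciousIPs) on $left.SourceIP == $right.IPAddress
| project TimeGenerated, DeviceVendor, SourceIP, DestinationIP, DestinationPort, Description
```

The blob is fetched each time the query runs, so anyone who can write to it controls what the query matches. Restrict write access to the container and issue the SAS token as read-only with a short expiry.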

It's important to note that the externaldata() function requires the use of Azure Sentinel's data connector feature, which allows you to connect to external data sources and ingest data into your workspace. Without a data connector, you won't be able to access external data in your log queries.

In summary, the externaldata() function can be used to access data stored in an Azure Blob and is a powerful tool for creating dynamic lists and keeping them up to date.