Checking ingested data in Log Analytics workspaces

Views:

Alert data ingested by Microsoft Sentinel is stored in Log Analytics workspaces.

Important

An empty Log Analytics workspace indicates that no new alerts were created after the connector was successfully deployed. The connector does not pull preexisting alert data from Trend Vision One.

Procedure

Go to Log Analytics workspaces → {your_workspace} → General → Logs.
In the Tables tab under Custom Logs, verify that the TrendMicro_XDR_CL or TrendMicro_XDR_OAT_CL table exists.

This table should exist if alerts were created in Trend Vision One after the connector was successfully deployed.
Click Run to run the query and view the data.