🔥 3-day streak
Microsoft Security Operations Analyst142 / 190
Question 142 of 190

Your organization uses a proprietary web application that writes JSON-formatted security events to a log file. You need to ingest these logs into Microsoft Sentinel into a custom table, but the raw JSON contains a verbose 'debug_payload' field that inflates ingestion costs and provides no analytic value. You want to drop that field before the data is stored, while keeping all other fields. What is the most cost-effective way to accomplish this?

Reviewed for accuracy · Report an issueNext question