u/Nice_Bag3423

I'm trying to export a csv of all the incidents ever registered in Sentinel in my org. This covers 2+ years of Sentinel usage. I did some digging and it turns out you cannot export data from the Threat Mgmt > Incidents tab. You can however export a table of incidents from Log Analytics by SecurityIncident query (set the time frame to the earliest data possible).

So I did exactly that and set the display count to "max limit". Each time, the query only outputs a list going back 90 days in time. Is there a data retention limit in Log Analytics that doesn't allow you to view or export incidents longer than 90 days?

Is there any other way I can go about exporting ALL incidents registered in Sentinel?

Thanks!

Just to clarify, their refund policy states that you may "request a refund within 30 days from the date of purchase". This means that if I schedule the exam for a date 90 days in advance, I cannot get a refund after 30 days after the payment is made, right?

So is it recommended that you pay and schedule the exam only after you're ready, i.e., 30 days before you intend to take the exam? Otherwise, there's a risk of losing the fee if you can't take the exam for whatever reason? I'm new to PMI so not sure if this is a known piece of knowledge within this community.

Thanks!