Blog Post

Microsoft Sentinel Blog

4 MIN READ

Best Practices for Common Event Format (CEF) collection in Azure Sentinel

Microsoft

Nov 19, 2019

By Nicholas DiCola & Cristhofer Romeo Munoz What is CEF collection? Most network and security systems support either Syslog or CEF (which stands for Common Event Format) over Syslog as me...

Updated Nov 02, 2021

Version 9.0

Microsoft

Joined October 16, 2017

View Profile

Microsoft Sentinel Blog

Microsoft Sentinel is an industry-leading SIEM & AI-first platform powering agentic defense across the entire security ecosystem.

Joseph-Abraham

Brass Contributor

Jul 15, 2020

Cristhofer Munoz @Ofer_Shezaf Since the syslog server will store data locally first in plain text, there is a security risk of it being edited/accessed.

Is there a solution to this? we had a query on this requirement

In case of splunk and some other siems there is an option to send the syslog directly to splunk/others over a tcp port which then ingests, encrypts and handles the data.

https://docs.splunk.com/Documentation/Splunk/7.1.3/Data/Monitornetworkports