Demonstrating Microsoft Sentinel features that include security incidents, alerts, workbooks, meaningful hunting queries,
Helping our internal teams, partners, and customers, to ...
I found your solution (Ingestion sample data as a service) a few weeks ago, and I think it is amazing; it's exactly what we are looking for in our detection engineering team for detection simulations.
I have followed your instructions; however, I do not see the sample in the dedicated table in Sentinel. The weird thing is that when I use the AkamaiSIEM sample (https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample Data/CEF/AkamaiSIEM.csv) it shows up in the CommonSecurityLog; however, any other sample does not.
I understand that it has been a while since you developed this, but I was hoping that you, or someone else, might be able to have a quick look?
Troubleshooting steps I have tried:
1. I have made sure to test with different samples and use the related table (in alignment with the schema). I also tried to use the custom table option but with no success.
2. I have verified that the Runbook and Function App have the right permissions.
3. I have searched for errors in the CommonLogIngest jobs - no errors.
For example, see the success notification below when trying to ingest a SecurityEvent sample you have linked in your article (the sample did not get to the SecurityEvent table in Sentinel).
I hope that you'll have the option to assist with this.