Forum Discussion
Ingesting logs to Sentinel - Detection Summary Events
Hello,
I wonder if anyone could help me out. I have set up an OMS agent on a virtual VM with logs ingesting in from CrowdStrike. Detection Summary Events are appearing in the Logs, however with little information about the detection in the table. In PowerShell, using the command 'cat /var/log/syslog | grep DetectionSummaryEvent', I can see the detection coming through with all the information listed, but this is not appearing in the tables in Microsoft Sentinel Logs. Any guidance would be a really big help!
Thanks!
2 Replies
- Clive_Watson (Bronze Contributor)
cfulbrook When you get CrowdStrike data from the Solution provided in Sentinel, it arrives in Syslog and needs a Parser. Maybe take a look and see if you can adjust or use this for use with the VM you have?
Azure-Sentinel/CrowdstrikeFalconEventStream.txt at 4ad195f4fe6fdbc66fb8469120381e8277ebed81 · Azure/Azure-Sentinel (github.com)
- cfulbrook (Copper Contributor)
Thanks Clive!
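To illustrate what Clive means by "arrives in Syslog and needs a Parser", here is an added KQL example (not from this thread and not the Azure-Sentinel repository's own parser). It assumes the Falcon SIEM Connector writes CEF-formatted lines (header fields separated by `|`, extension as space-separated `key=value` pairs with no spaces inside values) into the `Syslog` table's `SyslogMessage` column; the column and field names are assumptions to adjust against your own grep output.

```kql
// Added example: pull the detection details out of the raw Syslog line.
// Assumption: CEF output from the Falcon SIEM Connector. If your connector
// writes JSON instead, replace the split/extract_all steps with parse_json().
Syslog
| where SyslogMessage has "DetectionSummaryEvent"
// Step 1: confirm the whole line reached Sentinel. Compare MsgLength with the
// length of the same line in /var/log/syslog; a much shorter value points at
// truncation on the agent path rather than a missing parser.
| extend MsgLength = strlen(SyslogMessage)
// Step 2: split the CEF header. Index 0 is the syslog prefix plus "CEF:0",
// 1 = vendor, 2 = product, 4 = event class, 6 = severity, 7 = extension.
| extend CefParts = split(SyslogMessage, "|")
| extend Vendor     = tostring(CefParts[1]),
         Product    = tostring(CefParts[2]),
         EventClass = tostring(CefParts[4]),
         Severity   = tostring(CefParts[6]),
         Extension  = tostring(CefParts[7])
// Step 3: turn "key=value key2=value2 ..." into a property bag so each
// detection field can be queried as its own column.
| extend Pairs = extract_all(@"(\w+)=(\S+)", Extension)
| mv-apply p = Pairs to typeof(dynamic) on (
    summarize Fields = make_bag(bag_pack(tostring(p[0]), tostring(p[1])))
  )
| project TimeGenerated, Computer, MsgLength, Vendor, Product, EventClass, Severity, Fields
// Optional: append "| evaluate bag_unpack(Fields)" to promote every key to a column.
```

Save the query as a Sentinel function (for example `CrowdStrikeDetections`) and reference it from analytics rules instead of querying `Syslog` directly; values that contain spaces will be cut at the first space by the `\S+` pattern, so extend the regex if your fields need it.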