Forum Discussion
Azure Sentinel CEF Logs
We are having a problem with our log collector setup whereby CEF logs are not being parsed to the right columns. They also repeat in syslog. Firstly can you see anything wrong in the format? Secondly...
You may need a parser, examples for various products are here that you can get ideas from: https://github.com/Azure/Azure-Sentinel/tree/master/Parsers that wont help with duplication however.
Also see: ASIM https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-asim-file-activity-schema/ba-p/2609732 there is a link to this upcoming webcast and other info: Deep Dive into Azure Sentinel Normalizing Parsers and Normalized Content: next week, register here.
Also see: ASIM https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-asim-file-activity-schema/ba-p/2609732 there is a link to this upcoming webcast and other info: Deep Dive into Azure Sentinel Normalizing Parsers and Normalized Content: next week, register here.