Forum Discussion
truekonrads
Jul 19, 2020 · Brass Contributor
Common data dictionary for network connections
Hello,
Has there emerged a common data dictionary for network connections or firewall logs? Consider a situation where you want to do analytics across network logs from a wide variety of devices. Each device type logs with different names (or no names at all - e.g. pfSense logs as comma-separated values with no headers). It makes sense to bring all logs to a common data dictionary - the same, common names.
Has anything like that emerged in the Sentinel community?
- Ofer_Shezaf
Microsoft
truekonrads: A normalized schema for network events is currently in private preview. You can join the preview program here: https://aka.ms/SecurityPrP
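As an added illustration of the idea in the question (not code from the thread or from the Sentinel preview schema), the following normalizer maps two constructed log formats, a headerless pfSense-style CSV line and a key=value firewall record, onto one set of common field names. The column order, key names and common field names are assumptions chosen for this example; the sample records are constructed.

```python
import csv
import io
from typing import Dict, List

# Common field names shared by every source (chosen for this example).
COMMON_FIELDS = ["SrcIpAddr", "SrcPortNumber", "DstIpAddr", "DstPortNumber",
                 "NetworkProtocol", "DvcAction"]

# Assumed, simplified column order for a headerless pfSense-style CSV line.
PFSENSE_COLUMNS = ["rule", "interface", "action", "direction", "ipver",
                   "proto", "src", "dst", "sport", "dport"]

# Assumed key names for a key=value style firewall record.
KV_MAP = {"src": "SrcIpAddr", "spt": "SrcPortNumber", "dst": "DstIpAddr",
          "dpt": "DstPortNumber", "proto": "NetworkProtocol", "act": "DvcAction"}

# Vendor action words collapsed into one vocabulary.
ACTION_MAP = {"block": "Deny", "drop": "Deny", "deny": "Deny",
              "pass": "Allow", "allow": "Allow", "accept": "Allow"}

def _finish(rec: Dict) -> Dict:
    # Every output row carries every common field; ports as ints, actions canonical.
    out = {f: rec.get(f) for f in COMMON_FIELDS}
    for p in ("SrcPortNumber", "DstPortNumber"):
        out[p] = int(out[p]) if out[p] not in (None, "") else None
    out["NetworkProtocol"] = (out["NetworkProtocol"] or "").lower() or None
    out["DvcAction"] = ACTION_MAP.get((out["DvcAction"] or "").lower(), "Unknown")
    return out

def parse_pfsense(line: str) -> Dict:
    row = next(csv.reader(io.StringIO(line)))
    if len(row) < 8:  # need at least src and dst; ports are absent for ICMP
        raise ValueError("short pfSense-style record")
    row += [""] * (len(PFSENSE_COLUMNS) - len(row))  # pad missing port columns
    named = dict(zip(PFSENSE_COLUMNS, row))
    return _finish({"SrcIpAddr": named["src"], "DstIpAddr": named["dst"],
                    "SrcPortNumber": named["sport"], "DstPortNumber": named["dport"],
                    "NetworkProtocol": named["proto"], "DvcAction": named["action"]})

def parse_kv(line: str) -> Dict:
    pairs = (tok.split("=", 1) for tok in line.split() if "=" in tok)
    return _finish({KV_MAP[k]: v for k, v in pairs if k in KV_MAP})

SAMPLE = [  # constructed sample records, one per source type
    ("pfsense", "42,igb0,block,in,4,tcp,198.51.100.7,192.0.2.10,51515,443"),
    ("kv", "act=accept src=192.0.2.10 spt=40000 dst=203.0.113.5 dpt=22 proto=TCP"),
]

def normalize_all(records=SAMPLE) -> List[Dict]:
    parsers = {"pfsense": parse_pfsense, "kv": parse_kv}
    return [parsers[kind](line) for kind, line in records]
```

Once every source lands in the same dictionary, a single query (for example "all Deny events to port 22") runs across devices without per-vendor field names.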