Forum Discussion

abon13's avatar
abon13
Brass Contributor
Jun 13, 2023
Solved

Custom log table having two timestamps in Sentinel

Hi,   Signal Science logs are flowing into Sentinel under a custom table and this table ends up generating two stamps (both are few hours apart).  The Signal science logs are ingested using a custo...
azure
Log Data
siem
solutions
  • Clive_Watson's avatar
    Clive_Watson
    Jun 13, 2023
    These are probably Function Apps - look for "Function app" in the Azure Portal. Then select the Function App --> Functions --> select the specific function --> Code & test (which allows you to see the code).

    ingestion_time() and TimeGenerated are the two main Timestamps - why you have others the function app (hopefully) will explain that or look at the schema, if Signal have a page on that?

Clive_Watson's avatar
Clive_Watson
Bronze Contributor
Jun 13, 2023
These are probably Function Apps - look for "Function app" in the Azure Portal. Then select the Function App --> Functions --> select the specific function --> Code & test (which allows you to see the code).

ingestion_time() and TimeGenerated are the two main Timestamps - why you have others the function app (hopefully) will explain that or look at the schema, if Signal have a page on that?

  • abon13's avatar
    abon13
    Brass Contributor
    Jun 15, 2023
    Thanks for the response. I got the functions.
    Are SentinelAppIngestion and SentinelAppProcessing some of the default functions in Sentinel ?

Resources