Forum Discussion
Duplication of events before ingesting
Good morning guys. I'm working on pointing the fw ASA logs to Sentinel. I realized that many logs are being sent with the same payload and time in 1 minute, reaching the point of some types of l...
HI
By default, Azure Sentinel does not support filtering pre ingestion. You could look into setting up something such as Logstash to filter the logs before they reach Azure Sentinel.
https://docs.microsoft.com/en-us/azure/sentinel/connect-logstash
By default, Azure Sentinel does not support filtering pre ingestion. You could look into setting up something such as Logstash to filter the logs before they reach Azure Sentinel.
https://docs.microsoft.com/en-us/azure/sentinel/connect-logstash