Forum Discussion
akshay25june
Jul 10, 2024, Copper Contributor
Help to write KQL for some of the use case
Hi Team, please help me to write a KQL query for the scenario below. Log sources are Palo Alto, Check Point, F5, Citrix, Akamai, Vectra, Oracle and Linux. Use case: source sending more events than usual...
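One way to express the "source sending more events than usual" case in KQL, as an added example that is not from the thread: it compares each source's event count in the last hour against that source's own hourly baseline over the previous 14 days. CommonSecurityLog (CEF feeds such as Palo Alto, Check Point, F5, Citrix, Akamai and Vectra) and Syslog (Linux) with their DeviceVendor, DeviceProduct, DeviceName and Computer columns are standard Sentinel schema; the 3-sigma threshold and 100-event minimum are assumptions to tune per environment.

```kql
// Added example (not from the thread): flag log sources whose last-hour
// event volume is far above their own 14-day hourly baseline.
let lookback = 14d;
let bin_size = 1h;
let threshold_sigma = 3.0;      // assumption: alert above 3 standard deviations
let min_baseline_events = 100;  // assumption: skip sources with too little history
// Normalise both tables to one "Source" label so all feeds share one query.
let events =
    union isfuzzy=true
        (CommonSecurityLog
            | project TimeGenerated,
                      Source = strcat(DeviceVendor, "/", DeviceProduct, "/", DeviceName)),
        (Syslog
            | project TimeGenerated, Source = strcat("Linux/", Computer))
    | where TimeGenerated > ago(lookback + bin_size);
// Baseline: hourly counts per source, zero-filled so quiet hours count as 0.
let baseline =
    events
    | where TimeGenerated < ago(bin_size)
    | make-series EventsPerHour = count() default = 0
        on TimeGenerated from ago(lookback + bin_size) to ago(bin_size) step bin_size by Source
    | extend stats = series_stats_dynamic(EventsPerHour)
    | project Source,
              BaselineMean = todouble(stats.avg),
              BaselineStdev = todouble(stats.stdev),
              BaselineTotal = toint(series_stats_dynamic(EventsPerHour).avg * (lookback / bin_size))
    | where BaselineTotal >= min_baseline_events;
// Current window: events in the most recent hour per source.
let current =
    events
    | where TimeGenerated > ago(bin_size)
    | summarize CurrentEvents = count() by Source;
current
| join kind=inner baseline on Source
| extend Deviation = iff(BaselineStdev > 0,
                         (todouble(CurrentEvents) - BaselineMean) / BaselineStdev,
                         real(null))
| where CurrentEvents > BaselineMean and Deviation > threshold_sigma
| project Source, CurrentEvents,
          BaselineMean = round(BaselineMean, 1),
          BaselineStdev = round(BaselineStdev, 1),
          Deviation = round(Deviation, 2)
| order by Deviation desc
```

Sources that appear in the last hour but have no history are dropped by the inner join, so a brand-new noisy source needs a separate "first seen" rule rather than this volume baseline.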
jdom
Nov 22, 2024, Copper Contributor
Noting that all of the queries are deployed in Splunk and need to migrate to Sentinel, your best bet would be to use the SIEM migration tool, specifically the use case migrator:
https://learn.microsoft.com/en-us/azure/sentinel/siem-migration#translate-splunk-detection-rules