Forum Discussion
Ingesting Sample data Log from GitHub repo to Sentinel
I am trying to ingest the Sample data logs from the Azure GitHub repository, GitHub link (https://github.com/Azure/Azure-Sentinel/tree/master/Sample%20Data).
I am trying to ingest the Fortinet firewall logs in CEF format in the form of a CSV file, GitHub link (https://github.com/Azure/Azure-Sentinel/blob/master/Sample%20Data/CEF/FortinetFortiGate.csv ).
I see majorly the log files are either .csv or .jason format.
Can somebody help me in an easy way to ingest these Sample data logs to sentinel.
Thanks, Much Appreciated.
7 Replies
You can also use PowerShell to push a sample into its own table.
Resources for creating Microsoft Sentinel custom connectors | Microsoft Learn
- I did try this option and it worked. However, after entering the respective GitHub URL of the sample log data, and running the Test, I am getting an error as "PUT action failed".
the sample log path from GitHub I am trying to ingest is: https://github.com/Azure/Azure-Sentinel/blob/master/Sample%20Data/CEF/Forcepoint%20Cloud%20Security%20Gateway.csv
Upon running the Test, getting an error as "PUT action failed". Also, if I click on the Ingest, i am getting the same error.
please guide further on this.I do not have experience with Github URLs.
Several times we used *.csv and *.log (text) files to ingest custom logs into Sentinel and it worked well.
This PowerShell command imports a PowerShell object into Sentinel, so if you can create a PowerShell object with data from the GitHub link, it will work.
- CSV files can be ingested as a Watchlist, as an alternative. You will then query the watchlist rather than a Table.
Also see https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/new-ingestion-sampledata-as-a-service-solution-for-a-great-demos/ba-p/3598500- Working on this. Let me see.
