Log server to foward logs to Sentinel

Hi, I'm starting our journey over Microsoft Sentinel and until now I really like it, so I would like to extend it's usage internally and even maybe reach the point where we would leave our actual SI...

siem

Clive_Watson
Aug 24, 2023
For testing I'd probably use ADX https://learn.microsoft.com/en-us/azure/sentinel/migration-ingestion-tool#azure-data-explorer (so I can use KQL). But I'd often have (and prefer) a test Sentinel workspace to try the ingestion, but stop the ingestion after a short amount of time to limit the cost and allow the use of https://learn.microsoft.com/en-us/azure/sentinel/data-transformation.

Clive_Watson

Bronze Contributor

Aug 24, 2023

For testing I'd probably use ADX https://learn.microsoft.com/en-us/azure/sentinel/migration-ingestion-tool#azure-data-explorer (so I can use KQL). But I'd often have (and prefer) a test Sentinel workspace to try the ingestion, but stop the ingestion after a short amount of time to limit the cost and allow the use of https://learn.microsoft.com/en-us/azure/sentinel/data-transformation.

dmarquesgn
Iron Contributor
Aug 25, 2023
Thanks, I'll take a look into it.

Forum Discussion

Log server to foward logs to Sentinel