Aman_Khan
Oct 07, 2021

Onboarding Ivanti Application Control logs to Azure Sentinel

Hi all,
Just wondering if anyone has onboarded "Ivanti Application Control" logs to Azure Sentinel?

- Log source is on-prem (no cloud presence, and no connector available in Sentinel)
- Product does not support Syslog or CEF
- To extract logs from the central management server you can use a database query (DbConnect in Splunk World)
OR
- To extract logs from clients you can extract logs from every client in either XML or CSV format

Has anyone onboarded these logs before, or does anyone have any suggestions?
Thank you


