Forum Discussion
Solved
Onboarding Ivanti Application Control logs to Azure Sentinel
Hi all, Just wondering if anyone has onboarded "Ivanti Application Control " logs to Azure Sentinel? -Log source is on-prem (No cloud presence, neither a connector available in Sentinel) -Produ...
- Ended up forwarding Ivanti Logs to a Window Event Collector server:
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/forward-on-premises-windows-security-event-logs-to-microsoft/ba-p/3040784
In my case filtered to only event IDs pertaining to AppSense i.e. 9*** .eg.
"ForwardedEvents!*[System[(EventID=9000)]]"
Ended up forwarding Ivanti Logs to a Window Event Collector server:
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/forward-on-premises-windows-security-event-logs-to-microsoft/ba-p/3040784
In my case filtered to only event IDs pertaining to AppSense i.e. 9*** .eg.
"ForwardedEvents!*[System[(EventID=9000)]]"
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/forward-on-premises-windows-security-event-logs-to-microsoft/ba-p/3040784
In my case filtered to only event IDs pertaining to AppSense i.e. 9*** .eg.
"ForwardedEvents!*[System[(EventID=9000)]]"
