Forum Discussion
Aman_Khan
Oct 07, 2021 Copper Contributor
Onboarding Ivanti Application Control logs to Azure Sentinel
Hi all, just wondering if anyone has onboarded "Ivanti Application Control" logs to Azure Sentinel?
- Log source is on-prem (no cloud presence, neither a connector available in Sentinel)
- Produ...
Aman_Khan
Sep 13, 2022 Copper Contributor
Ended up forwarding Ivanti logs to a Windows Event Collector server:
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/forward-on-premises-windows-security-event-logs-to-microsoft/ba-p/3040784
In my case, filtered to only event IDs pertaining to AppSense, i.e. 9***, e.g.:
"ForwardedEvents!*[System[(EventID=9000)]]"
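The filter quoted in the reply is in the `LogName!XPath` form used for custom event collection in Azure Monitor data collection rules, and it can be checked on the collector server before it goes into a rule. The script below is an added example, not part of the original post or the linked article; the function name `Test-DcrXPathQuery` is hypothetical, and the second query assumes "9***" means the whole range 9000-9999.

```powershell
# Added example: check xPath queries against the local ForwardedEvents log on
# the Windows Event Collector. Run in an elevated PowerShell session.

# Queries in "<LogName>!<XPath>" form.
$queries = @(
    # The single-ID filter quoted in the post.
    'ForwardedEvents!*[System[(EventID=9000)]]',
    # Assumption: "9***" read as the whole range 9000-9999.
    'ForwardedEvents!*[System[(EventID >= 9000 and EventID <= 9999)]]'
)

function Test-DcrXPathQuery {
    param(
        [Parameter(Mandatory)][string]$Query,
        [int]$MaxEvents = 500
    )

    # Split on the first '!' only; the XPath part may itself contain '!' (e.g. '!=').
    $logName, $xpath = $Query -split '!', 2
    if ([string]::IsNullOrWhiteSpace($logName) -or [string]::IsNullOrWhiteSpace($xpath)) {
        throw "Not in '<LogName>!<XPath>' form: $Query"
    }

    try {
        $events = @(Get-WinEvent -LogName $logName -FilterXPath $xpath `
                        -MaxEvents $MaxEvents -ErrorAction Stop)
    }
    catch {
        # A valid query that matches nothing raises NoMatchingEventsFound.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
        else { throw "Query rejected for log '$logName': $($_.Exception.Message)" }
    }

    [pscustomobject]@{
        Query    = $Query
        Matched  = $events.Count
        # Per-ID counts show which 9xxx IDs are actually arriving.
        ById     = ($events | Group-Object Id | Sort-Object Name |
                    ForEach-Object { "$($_.Name)=$($_.Count)" }) -join ', '
        # Provider names confirm the matches come from the expected source.
        Provider = ($events | Select-Object -ExpandProperty ProviderName -Unique) -join ', '
    }
}

$queries | ForEach-Object { Test-DcrXPathQuery -Query $_ } | Format-List
```

A `Matched` value of 0 means the query parsed but nothing in the log satisfied it; a thrown error means the log name or XPath was rejected.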