Forum Discussion
Integration with WAZUH (OSSEC)
Need help in integrating WAZUH (OSSEC) logs into Sentinel.
YanivSh
Microsoft
MicrosoftThis product support CEF output https://documentation.wazuh.com/3.10/user-manual/reference/ossec-conf/syslog-output.html?highlight=cef
So you should use sentinel CEF connector
https://docs.microsoft.com/en-us/azure/sentinel/connect-common-event-format https://techcommunity.microsoft.com/t5/Azure-Sentinel/Azure-Sentinel-The-Syslog-and-CEF-source-configuration-grand/ba-p/803891