Forum Discussion
AnalystHOK (Copper Contributor)
Dec 19, 2022
Send file based logs to Standard Sentinel table
Can I send file-based logs from an on-premises server to the standard Sentinel table 'CommonSecurityLogs'?
Log location: on-premises Windows Server, C drive, 'sample.log'
- Clive_Watson (Bronze Contributor): I'm not sure why you would, unless these files are similar to the data you'd see in CEF (what's the use case?). Take a look at the AMA (I've never tried this for a file / Windows): https://learn.microsoft.com/en-us/azure/sentinel/connect-cef-ama
- AnalystHOK (Copper Contributor): Thanks for the reference, mate!
My use case is to add the CEF logs to the CommonSecurityLog table so that I can create use cases based on a single table to capture all the activities.
The MS documentation says AMA can be used to send data to the Common Security Logs table using a DCR. Nowhere could I find the how-to document.