Forum Discussion
Send Filtered Firewall logs directly to Azure Data Explorer rather than Sentinel?
Hi there, We have a requirement where a customer has Palo Alto firewall which is integrated to Sentinel. The maximum ingestion is coming from "drop" and "end" events/logs. The client want to send th...
https://docs.microsoft.com/en-us/azure/architecture/solution-ideas/articles/monitor-azure-data-explorer and then use
https://docs.microsoft.com/en-us/azure/azure-monitor/logs/tutorial-ingestion-time-transformations to drop the data you dont want into Log Analytics (and Sentinel)
https://docs.microsoft.com/en-us/azure/azure-monitor/logs/tutorial-ingestion-time-transformations to drop the data you dont want into Log Analytics (and Sentinel)
Clive_Watson Thanks , it was really helpful, much appreciate your prompt response. I see the solution is currently in preview and I have already requested access to be added in my subscription and now waiting.
Thanks once again for the pointers.
Fahad.