Aug 31 2021 05:08 AM
Hi there,
Currently I'm struggling with the first tests in MCAS. I'm executing the tests in my DEV tenant or in a customer tenant. In both, I have no possibility to use Defender for Endpoint, so I'm relying on the firewall logs.
So I have already tested the continuous log file upload via the log collector, but the results are never sufficient. I already found the troubleshooting guide for log parsing errors, but it is not helpful for an "internal error".
But I wondered: why are so many firewalls supported by MCAS without having the usernames in the syslog?
Supported firewalls and proxies
Shouldn't the username be one of the main criteria for visualizing meaningful data in MCAS?
If you are able to successfully upload firewall data without usernames, what do the results look like?
Kind regards,
woelki
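To illustrate the question above about what discovery results look like with and without a username in the firewall log, here is an added example that is not part of the original post and is not MCAS's own parser. It uses a constructed key=value syslog format (the `traffic:` line layout, the `src`/`host`/`user`/`bytes` field names and the sample lines are all invented for this demo) and aggregates traffic per discovered app, keyed by user when the log carries one and falling back to the source IP when it does not. It also counts lines that fail to parse, which is the rough equivalent of a parsing error in a log upload.

```python
"""Constructed illustration of a discovery-style aggregation over firewall syslog.

Not MCAS's parser: the log format, field names and sample lines are invented
for this example. The point is to show what the "who" dimension degrades to
when the firewall does not put a username into its syslog output.
"""
import re
from collections import defaultdict

# Constructed sample lines (not from any real firewall). Three lines share a
# source IP, but only two of them carry a user= field.
SAMPLE_LOG = """\
Aug 31 05:01:12 fw01 traffic: src=10.1.2.3 dst=52.96.0.10 host=outlook.office365.com user=alice bytes=12340
Aug 31 05:02:44 fw01 traffic: src=10.1.2.3 dst=104.16.0.5 host=dropbox.com bytes=55000
Aug 31 05:03:09 fw01 traffic: src=10.1.2.7 dst=142.250.0.1 host=drive.google.com user=bob bytes=8000
Aug 31 05:04:21 fw01 traffic: src=10.1.2.3 dst=104.16.0.5 host=dropbox.com user=alice bytes=1000
"""

# Hypothetical line layout: "<timestamp> <device> traffic: key=value key=value ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<device>\S+) traffic: (?P<kv>.*)$"
)


def parse_line(line):
    """Return a dict of fields, or None if the line cannot be parsed.

    A None result is what a log-collector "parse error" corresponds to here:
    the line did not match the expected layout or lacks the minimum fields.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {"timestamp": m.group("ts"), "device": m.group("device")}
    for token in m.group("kv").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    # Without a source address and a destination host there is nothing to attribute.
    if "src" not in fields or "host" not in fields:
        return None
    fields["bytes"] = int(fields.get("bytes", 0))
    return fields


def summarize(log_text):
    """Aggregate traffic per destination host (the "discovered app").

    Returns (summary, parse_errors) where summary[host] is
    {"users": set, "ips": set, "bytes": int}. Users are collected only when the
    line actually carried a user= field; source IPs are always collected.
    """
    summary = defaultdict(lambda: {"users": set(), "ips": set(), "bytes": 0})
    errors = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            errors += 1
            continue
        app = summary[rec["host"]]
        app["ips"].add(rec["src"])
        app["bytes"] += rec["bytes"]
        if "user" in rec:
            app["users"].add(rec["user"])
    return summary, errors


def entity_for(app_entry):
    """What the 'who' column can show: named users if any were logged, else only IPs."""
    if app_entry["users"]:
        return sorted(app_entry["users"])
    return sorted(app_entry["ips"])


def strip_users(log_text):
    """Simulate a firewall that never writes usernames into its syslog output."""
    return re.sub(r" user=\S+", "", log_text)


if __name__ == "__main__":
    for label, text in (("with usernames", SAMPLE_LOG), ("without usernames", strip_users(SAMPLE_LOG))):
        summary, errors = summarize(text)
        print(f"--- {label} (parse errors: {errors}) ---")
        for host, entry in sorted(summary.items()):
            print(f"{host}: bytes={entry['bytes']} who={entity_for(entry)} ips={sorted(entry['ips'])}")
```

Running the block prints the same per-app byte totals in both passes; the only difference is the "who" column, which drops from user names to source IPs once the `user=` field is gone. That is the practical answer to the question: traffic volume and app discovery still work, but attribution to a person has to come from somewhere else (for example a separate source that maps IP and time to a user) if the firewall itself does not log it.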
Dec 03 2021 10:06 AM