CEF logs CrowdStrike


Hi,

I imported logs from CrowdStrike to Azure Sentinel. I see a large number of logs but what can I do next?

I want to be able to search by host in Entity Behavior and check all activities by that host, but at the moment Entity Behavior only has data from the Domain Controllers. How can I save the CEF CrowdStrike logs from Log Analytics to Entity Behavior?


1 Reply
I assume you mean UEBA?
UEBA only supports a subset of data connectors as of now.