Jul 19 2020 03:06 AM
Has there emerged a common data dictionary for network connections or firewall logs? Consider a situation where you want to do analytics across network logs from a wide variety of devices. Each device type logs with different names (or no names at all - e.g. pfSense logs as comma-separated values with no headers). It makes sense to bring all logs to a common data dictionary - the same, common names.
Has anything like that emerged in the Sentinel community?
Jul 19 2020 05:58 AM
@truekonrads : a normalized schema for network events is currently in private preview. You can join the preview program here: https://aka.ms/SecurityPrP
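As an added illustration of the normalization the question describes (example code, not part of the original thread and not Sentinel's schema): two constructed sources, one key=value log with vendor field names and one headerless CSV in the pfSense style, are mapped onto a single set of common names. The vendor field names, the CSV column order and the sample lines are all constructed for the example; the column layout is not the real pfSense filterlog layout.

```python
import csv
import io

# Common data dictionary: the normalized names every source is mapped onto.
COMMON_FIELDS = ("src_ip", "src_port", "dst_ip", "dst_port", "protocol", "action")

# Source A: device that logs key=value pairs under its own (constructed) names.
VENDOR_A_RENAME = {"srcip": "src_ip", "srcport": "src_port", "dstip": "dst_ip",
                   "dstport": "dst_port", "proto": "protocol", "act": "action"}

# Source B: headerless CSV. Column positions are a constructed illustration,
# not the actual pfSense filterlog layout; a real mapping must be taken from
# the vendor's documentation for the exact firmware version.
VENDOR_B_COLUMNS = ("action", "protocol", "src_ip", "dst_ip", "src_port", "dst_port")

# Vendor action vocabularies collapsed onto two common values.
ACTION_MAP = {"block": "deny", "deny": "deny", "drop": "deny",
              "pass": "allow", "allow": "allow", "accept": "allow"}


def parse_vendor_a(line):
    """Parse 'k=v k=v ...' and rename known keys; unknown keys are dropped."""
    pairs = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    return {VENDOR_A_RENAME[k]: v for k, v in pairs.items() if k in VENDOR_A_RENAME}


def parse_vendor_b(line):
    """Parse one headerless CSV row; reject rows whose shape does not match."""
    row = next(csv.reader(io.StringIO(line)))
    if len(row) != len(VENDOR_B_COLUMNS):
        raise ValueError(f"expected {len(VENDOR_B_COLUMNS)} columns, got {len(row)}")
    return dict(zip(VENDOR_B_COLUMNS, row))


def normalize(record):
    """Coerce a renamed record onto COMMON_FIELDS with uniform types/values."""
    out = {f: record.get(f) for f in COMMON_FIELDS}
    for f in ("src_port", "dst_port"):
        out[f] = int(out[f]) if out[f] not in (None, "") else None
    out["protocol"] = out["protocol"].lower() if out["protocol"] else None
    out["action"] = ACTION_MAP.get((out["action"] or "").lower())
    return out


def count_denies(records):
    """Analytics across sources becomes trivial once names are common."""
    return sum(1 for r in records if r["action"] == "deny")


# Constructed sample lines (RFC 5737 documentation addresses).
SAMPLE_A = "srcip=10.0.0.5 srcport=51000 dstip=203.0.113.9 dstport=443 proto=TCP act=accept"
SAMPLE_B = "block,udp,192.168.1.20,198.51.100.7,5353,53"
```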