Apr 01 2021 04:59 AM - edited Apr 01 2021 05:04 AM
Good morning guys.
I'm working on pointing the fw ASA logs to Sentinel.
I realized that many logs are being sent with the same payload and timestamp within one minute, to the point that some log types are sent as more than 30 identical events.
My question is: is there any Sentinel mechanism for summarizing events before ingestion so that duplicate events are not ingested? I know QRadar does that.
Example: if the client receives a DDoS attack on a device, will Sentinel summarize the many resulting logs and ingest only a few, or will it ingest all of them?
If you have any answers, you are welcome. 🙂 @Gary Bushey @Thijs Lecomte @CliveWatson
Apr 03 2021 10:00 AM