Jun 30 2022 03:58 AM
Hello,
We have integrated F5 (WAF firewall) and a Palo Alto firewall with Microsoft Sentinel using the CEF collector. The logs received on the CEF collector server have all the values of the events, as we see when using tcpdump to capture those logs, but when trying to see those logs in the CommonSecurityLogs table, some fields are missing, like the ExternalId of the event linked with the firewall, which is important for referencing the event in Sentinel with the event in the firewall.
Is there any method to fetch these missing fields? I'm thinking the out-of-box connector using a logic app can implement this, but I want to ask if there is another method for that.
Thank you
Jun 30 2022 07:23 AM
Jul 03 2022 02:27 AM