Firewalls Integration with Sentinel

Qusai_Ismail · ‎Jun 30 2022

Hello,

We have integrated F5 (WAF Firewall) and Palo Alto firewall with Microsoft Sentinel, using CEF Collector, the Logs received in the server of CEF collector are have all the values of events as we see using tcpdump to capture that logs, but when trying to see that logs in CommonSecurityLogs table, there are some fields missing like ExternalId of event linked with Firewall, which is important for referencing the event in Sentinel with event in Firewall.

Is there any method to fetch these missing field, i'm thinking the out of box connector using logic app can implement this, but i want to ask if there is another method for that.

Thank you

Clive_Watson · ‎Jun 30 2022

Have you checked in the AdditionalExtensions column, some data is often in there for you to parse?

Qusai_Ismail · ‎Jul 03 2022

Value in this column is "microservice=N/A"

Firewalls Integration with Sentinel

Firewalls Integration with Sentinel

Re: Firewalls Integration with Sentinel

Re: Firewalls Integration with Sentinel

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Firewalls Integration with Sentinel