Feb 07 2023 08:07 PM
I am trying to ingest the sample data logs from the Azure GitHub repository, GitHub link (https://github.com/Azure/Azure-Sentinel/tree/master/Sample%20Data).
I am trying to ingest the Fortinet firewall logs in CEF format in the form of a CSV file, GitHub link (https://github.com/Azure/Azure-Sentinel/blob/master/Sample%20Data/CEF/FortinetFortiGate.csv).
I see that most of the log files are in either .csv or .json format.
Can somebody help me with an easy way to ingest these sample data logs into Sentinel?
Thanks, much appreciated.
Feb 08 2023 03:03 AM
Feb 08 2023 03:19 AM
You can also use PowerShell to push a sample into its own table.
Resources for creating Microsoft Sentinel custom connectors | Microsoft Learn
Feb 13 2023 01:24 AM
Feb 14 2023 05:00 AM
Feb 14 2023 05:59 AM
I do not have experience with Github URLs.
Several times we used *.csv and *.log (text) files to ingest custom logs into Sentinel and it worked well.
This PowerShell command imports a PowerShell object into Sentinel, so if you can create a PowerShell object with data from the GitHub link, it will work.
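The approach described in the two replies above (build a PowerShell object from the GitHub CSV, then push it into its own custom table), written out as an added example. This is not code from the thread or from the Azure-Sentinel repository; it uses the Log Analytics HTTP Data Collector API and its documented SharedKey signing scheme. The raw GitHub URL, the table name `FortinetSample` (which Log Analytics will surface as `FortinetSample_CL`), the batch size and the placeholder workspace ID and key are assumptions you replace with your own values.

```powershell
# Added example (not from the original thread): push rows of the Azure-Sentinel
# sample CSV into a custom Log Analytics table with the HTTP Data Collector API.
# Assumed/constructed: the raw GitHub URL, the table name, the batch size and the
# placeholder workspace ID / shared key below. Replace the placeholders with your own.

param(
    [string]$WorkspaceId = "<workspace-id>",             # Log Analytics workspace (customer) ID
    [string]$SharedKey   = "<primary-or-secondary-key>", # workspace shared key (base64)
    [string]$LogType     = "FortinetSample",             # table will appear as FortinetSample_CL
    [string]$CsvUrl      = "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/CEF/FortinetFortiGate.csv",
    [int]$BatchSize      = 500
)

# Build the SharedKey Authorization header the Data Collector API expects:
# HMAC-SHA256 over "POST\n<content-length>\napplication/json\nx-ms-date:<date>\n/api/logs",
# keyed with the base64-decoded workspace key.
function New-DataCollectorSignature {
    param([string]$WorkspaceId, [string]$SharedKey, [string]$Rfc1123Date, [int]$ContentLength)
    $stringToHash = "POST`n$ContentLength`napplication/json`nx-ms-date:$Rfc1123Date`n/api/logs"
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = [Convert]::FromBase64String($SharedKey)
    $hash = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToHash))
    return "SharedKey {0}:{1}" -f $WorkspaceId, [Convert]::ToBase64String($hash)
}

# POST one JSON array of records to the workspace; returns the HTTP status code (200 = accepted).
function Send-LogAnalyticsBatch {
    param([string]$WorkspaceId, [string]$SharedKey, [string]$LogType, [object[]]$Records)
    $json = $Records | ConvertTo-Json -Depth 5 -Compress
    if ($Records.Count -eq 1) { $json = "[$json]" }   # ConvertTo-Json unwraps a one-element array
    $body = [Text.Encoding]::UTF8.GetBytes($json)     # sign the UTF-8 byte length, not the string length
    $date = [DateTime]::UtcNow.ToString("r")          # RFC 1123 timestamp; must match x-ms-date exactly
    $headers = @{
        "Authorization" = New-DataCollectorSignature -WorkspaceId $WorkspaceId -SharedKey $SharedKey -Rfc1123Date $date -ContentLength $body.Length
        "Log-Type"      = $LogType
        "x-ms-date"     = $date
    }
    $uri  = "https://$WorkspaceId.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    $resp = Invoke-WebRequest -Uri $uri -Method Post -ContentType "application/json" -Headers $headers -Body $body -UseBasicParsing
    return $resp.StatusCode
}

# 1. Download the sample CSV and turn each row into a PowerShell object (header row = property names).
$rows = @((Invoke-WebRequest -Uri $CsvUrl -UseBasicParsing).Content | ConvertFrom-Csv)
Write-Host "Parsed $($rows.Count) rows from $CsvUrl"

# 2. Push in batches: the API rejects a single POST larger than 30 MB, so never send a whole file at once.
for ($i = 0; $i -lt $rows.Count; $i += $BatchSize) {
    $end   = [Math]::Min($i + $BatchSize, $rows.Count) - 1
    $batch = @($rows[$i..$end])
    $code  = Send-LogAnalyticsBatch -WorkspaceId $WorkspaceId -SharedKey $SharedKey -LogType $LogType -Records $batch
    Write-Host ("Batch {0}-{1}: HTTP {2}" -f $i, $end, $code)
}
```

Run it as `.\Push-SampleCsv.ps1 -WorkspaceId <id> -SharedKey <key>` (script name is arbitrary). Each CSV column becomes a field in the custom table with a type suffix added by Log Analytics (for example `_s` for strings), and the records usually take a few minutes to become queryable in `FortinetSample_CL`. Two practical caveats: the workspace shared key is a write credential for the whole workspace, so keep it out of scripts checked into source control, and the Data Collector API is the legacy path; Microsoft's replacement is the Logs Ingestion API with a data collection rule, which uses Entra ID authentication instead of the shared key and is the better choice for anything beyond a one-off sample load.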
Feb 15 2023 11:17 PM - edited Feb 20 2023 11:10 PM
I am not good with PowerShell.
I have done all the setup for the GUI based ingestion.
For AkamaiSIEM logs, I was able to ingest, but I am not able to ingest any of the others. I get the same error, "PUT action failed", every time I try to run the Test.
I need help resolving the issue. Is there any limitation with the input here? Is only one input allowed per 24 hours, or per day?
Feb 21 2023 12:43 AM