Ingesting Sample data Log from GitHub repo to Sentinel


I am trying to ingest the Sample data logs from the Azure GitHub repository, GitHub link (https://github.com/Azure/Azure-Sentinel/tree/master/Sample%20Data)

I am trying to ingest the Fortinet firewall logs in CEF format in the form of a CSV file, GitHub link (https://github.com/Azure/Azure-Sentinel/blob/master/Sample%20Data/CEF/FortinetFortiGate.csv).

I see that the log files are mostly in either .csv or .json format.

Can somebody help me with an easy way to ingest these sample data logs into Sentinel?

Thanks, Much Appreciated. 

7 Replies
CSV files can be ingested as a Watchlist, as an alternative. You will then query the watchlist rather than a Table.

Also see https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/new-ingestion-sampledata-as-a-service...
Working on this. Let me see.
I did try this option and it worked. However, after entering the respective GitHub URL of the sample log data and running the Test, I am getting the error "PUT action failed".

The sample log path from GitHub I am trying to ingest is: https://github.com/Azure/Azure-Sentinel/blob/master/Sample%20Data/CEF/Forcepoint%20Cloud%20Security%...

Upon running the Test, I get the error "PUT action failed". Also, if I click on Ingest, I get the same error.

Please guide further on this.


@mujju016

I do not have experience with Github URLs. 

Several times we used *.csv and *.log (text) files to ingest custom logs into Sentinel and it worked well.

This PowerShell command imports a PowerShell object into Sentinel, so if you can create a PowerShell object with data from the GitHub link, it will work.
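The PowerShell command referred to above is not shown in the thread. As an added example (not the thread's own code), the script below does what that approach typically does: it reads a locally downloaded copy of the sample CSV with Import-Csv and posts the rows as JSON to the Log Analytics HTTP Data Collector API, which creates or appends to a custom table named `<LogType>_CL`. The workspace ID, shared key, CSV path and table name are placeholders passed as parameters; nothing here comes from the thread.

```powershell
# Added example, not code from the thread: upload rows of a downloaded sample CSV
# to a Log Analytics custom table (<LogType>_CL) using the HTTP Data Collector API.
# All parameter values are placeholders you supply; none come from the thread.
param(
    [Parameter(Mandatory)] [string] $WorkspaceId,   # Log Analytics workspace ID
    [Parameter(Mandatory)] [string] $SharedKey,     # workspace primary/secondary key (base64)
    [Parameter(Mandatory)] [string] $CsvPath,       # local copy of e.g. FortinetFortiGate.csv
    [string] $LogType = 'FortinetSample'            # table becomes FortinetSample_CL
)

function New-DataCollectorSignature {
    param([string] $WorkspaceId, [string] $SharedKey, [string] $Date, [int] $ContentLength)
    # The API signs: method, body length, content type, x-ms-date header and resource path,
    # joined by newlines, with HMAC-SHA256 keyed by the base64-decoded shared key.
    $stringToSign = "POST`n$ContentLength`napplication/json`nx-ms-date:$Date`n/api/logs"
    $hmac = [System.Security.Cryptography.HMACSHA256]::new([Convert]::FromBase64String($SharedKey))
    $hash = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
    return 'SharedKey {0}:{1}' -f $WorkspaceId, [Convert]::ToBase64String($hash)
}

function Send-LogBatch {
    param([string] $WorkspaceId, [string] $SharedKey, [string] $LogType, [object[]] $Records)
    # -InputObject keeps a one-element batch as a JSON array, which the API requires.
    $body  = ConvertTo-Json -InputObject @($Records) -Depth 5 -Compress
    $bytes = [Text.Encoding]::UTF8.GetBytes($body)    # sign the exact byte length that is sent
    $date  = [DateTime]::UtcNow.ToString('r')         # RFC 1123 timestamp required by the signature
    $auth  = New-DataCollectorSignature -WorkspaceId $WorkspaceId -SharedKey $SharedKey -Date $date -ContentLength $bytes.Length
    $headers = @{
        'Authorization' = $auth
        'Log-Type'      = $LogType
        'x-ms-date'     = $date
    }
    $uri = "https://$WorkspaceId.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    Invoke-RestMethod -Uri $uri -Method Post -ContentType 'application/json' -Headers $headers -Body $bytes
}

# Each CSV row becomes one record; column headers become the custom table's field names.
$rows = @(Import-Csv -Path $CsvPath)
if ($rows.Count -eq 0) { throw "No rows read from $CsvPath (download the raw file, not the GitHub HTML page)" }

# Send in modest batches: a rejected batch is easy to locate and every request stays well under the 30 MB limit.
$batchSize = 500
for ($i = 0; $i -lt $rows.Count; $i += $batchSize) {
    $last  = [Math]::Min($i + $batchSize, $rows.Count) - 1
    $batch = $rows[$i..$last]
    Send-LogBatch -WorkspaceId $WorkspaceId -SharedKey $SharedKey -LogType $LogType -Records $batch
    Write-Host ("Sent rows {0}-{1} of {2}" -f $i, $last, $rows.Count)
}
```

Run it as `.\Send-SampleCsv.ps1 -WorkspaceId <id> -SharedKey <key> -CsvPath .\FortinetFortiGate.csv` and, after a few minutes, query `FortinetSample_CL` in Logs. Because no `time-generated-field` header is set, each row's `TimeGenerated` is the ingestion time, which is what you want for old sample data so it shows up in the default time range. The shared key is a write credential for the whole workspace, so read it from a vault or secure prompt rather than hard-coding it in the script. This API is the legacy ingestion path; for anything beyond a one-off sample load, Microsoft now recommends the Logs Ingestion API with a data collection rule.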


I am not good with PowerShell.

I have done all the setup for the GUI-based ingestion.
For AkamaiSIEM logs, I was able to ingest, but I am not able to ingest any other one. I get the same error, "PUT action failed", every time I try to run the Test.

I need help resolving the issue. Is there any limitation with the input here? Is only one input allowed per 24 hours, or per day?

There is no input limitation. You can ingest logs once a day or every 10 minutes.