Feb 26 2020 03:53 AM
Are there any plans to add the ability in Sentinel to ingest netflow logs directly? We're looking at Zscaler which will probably do this and then connect to Sentinel but is there a way to do this without a middleman solution?
Feb 26 2020 01:08 PM
@endakelly I don't work for MS, so I have no more information than anyone else, but I have not seen this mentioned in any of the webinars I have attended.
You can add this as a feature request here: https://feedback.azure.com/forums/920458-azure-sentinel
I did see a request for this in the Log Analytics feature request site: https://feedback.azure.com/forums/267889-azure-monitor-log-analytics/suggestions/19789957-ingestion-... although it is 2.5 years old and there are no comments about it from MS.
I am not familiar with NetFlow, but does it use Syslog or CEF? In which case you would just add one of those data connectors to the server (or use an existing one).
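NetFlow v5 is a fixed-layout binary UDP export format rather than a syslog or CEF text stream, so routing it through the Syslog/CEF data connector suggested above means something has to decode the datagrams and re-emit them as CEF lines first. The block below is an added example, not code from this thread, from Microsoft or from Zscaler: it parses a v5 datagram (24-byte header, 48-byte records), rejects malformed packets rather than trusting the count field, and renders each flow as a CEF line. The vendor/product strings "Example"/"NetFlowBridge", the exporter address 10.0.0.1 and the sample datagram are all constructed for illustration.

```python
import socket
import struct

NF5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
NF5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes
MAX_RECORDS = 30                                         # v5 packets carry at most 30 flows
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def parse_netflow_v5(packet: bytes) -> dict:
    """Decode one NetFlow v5 datagram; raise ValueError for anything malformed.

    The length check matters: the count field comes off the wire untrusted, so
    it is validated against the bytes actually received before any unpacking.
    """
    if len(packet) < NF5_HEADER.size:
        raise ValueError("packet shorter than v5 header")
    (version, count, sys_uptime, unix_secs, unix_nsecs, flow_seq,
     _engine_type, engine_id, sampling) = NF5_HEADER.unpack_from(packet, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if count == 0 or count > MAX_RECORDS:
        raise ValueError(f"implausible record count {count}")
    expected = NF5_HEADER.size + count * NF5_RECORD.size
    if len(packet) != expected:
        raise ValueError(f"length {len(packet)} != {expected} for {count} records")

    export_ms = unix_secs * 1000 + unix_nsecs // 1_000_000  # wall clock at export
    flows = []
    for i in range(count):
        (src, dst, _nexthop, in_if, out_if, pkts, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = NF5_RECORD.unpack_from(
            packet, NF5_HEADER.size + i * NF5_RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "spt": sport, "dpt": dport, "proto": proto, "tcp_flags": tcp_flags,
            "pkts": pkts, "bytes": octets, "in_if": in_if, "out_if": out_if,
            # first/last are exporter-uptime milliseconds; rebase them onto epoch ms
            "start_ms": export_ms - (sys_uptime - first),
            "end_ms": export_ms - (sys_uptime - last),
        })
    # low 14 bits of the sampling field are the interval, top 2 bits the mode
    return {"sequence": flow_seq, "engine_id": engine_id,
            "sampling_interval": sampling & 0x3FFF, "flows": flows}


def is_valid_v5(packet: bytes) -> bool:
    """Convenience wrapper: True only if parse_netflow_v5 accepts the datagram."""
    try:
        parse_netflow_v5(packet)
        return True
    except ValueError:
        return False


def _cef_header_escape(s: str) -> str:
    return s.replace("\\", "\\\\").replace("|", "\\|")


def _cef_ext_escape(s: str) -> str:
    return s.replace("\\", "\\\\").replace("=", "\\=")


def flow_to_cef(flow: dict, exporter: str) -> str:
    """Render a parsed flow as CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|Extension.

    Vendor/product strings are placeholders chosen for this example.
    """
    header = "|".join(_cef_header_escape(x) for x in (
        "Example", "NetFlowBridge", "1.0", "nf5-flow", "NetFlow v5 flow record", "1"))
    ext = {"dvc": exporter, "src": flow["src"], "dst": flow["dst"],
           "spt": flow["spt"], "dpt": flow["dpt"],
           "proto": PROTO_NAMES.get(flow["proto"], str(flow["proto"])),
           "in": flow["bytes"], "cnt": flow["pkts"],
           "start": flow["start_ms"], "end": flow["end_ms"],
           "deviceInboundInterface": flow["in_if"],
           "deviceOutboundInterface": flow["out_if"]}
    return "CEF:0|" + header + "|" + " ".join(
        f"{k}={_cef_ext_escape(str(v))}" for k, v in ext.items())


def build_sample_packet() -> bytes:
    """Constructed datagram (not a capture): two flows exported by a hypothetical router."""
    sys_uptime, unix_secs = 3_600_000, 1_582_700_000  # 1h uptime, exported 2020-02-26
    header = NF5_HEADER.pack(5, 2, sys_uptime, unix_secs, 0, 42, 0, 1, 0)

    def rec(src, dst, sport, dport, proto, pkts, octets, first, last, flags=0):
        return NF5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                               socket.inet_aton("0.0.0.0"), 1, 2, pkts, octets,
                               first, last, sport, dport, 0, flags, proto, 0,
                               0, 0, 24, 24, 0)

    return (header
            + rec("10.1.2.3", "203.0.113.10", 51234, 443, 6, 12, 3400, 3_590_000, 3_599_000, 0x1B)
            + rec("10.1.2.3", "203.0.113.53", 40001, 53, 17, 1, 78, 3_599_500, 3_599_500))


def sample_cef_lines() -> list:
    """Decode the constructed packet and return one CEF line per flow."""
    return [flow_to_cef(f, "10.0.0.1") for f in parse_netflow_v5(build_sample_packet())["flows"]]


if __name__ == "__main__":
    for line in sample_cef_lines():
        print(line)
```

In a real deployment the lines would be written to a local syslog socket on the machine running the CEF connector's agent; the point here is only the decoding and the validation that must precede it, since a bad count field in an unauthenticated UDP datagram is exactly the kind of input a collector should refuse rather than index past.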
Feb 28 2020 02:21 AM
Dec 03 2020 02:10 PM
@endakelly Any luck getting the Netflow data to sentinel? please let me know. thanks
Dec 08 2020 02:09 AM
@5andeep unfortunately not. It took a bit of a back seat and I've not looked at it since.
Can confirm Gary's observation that syslog only shows Cisco administrative events.