Onboarding Ivanti Application Control logs to Azure Sentinel


Hi all,
Just wondering if anyone has onboarded "Ivanti Application Control" logs to Azure Sentinel?

- Log source is on-prem (no cloud presence, nor a connector available in Sentinel)
- Product does not support Syslog or CEF
- To extract logs from the central management server you can use a database query (DbConnect in Splunk World)
OR
- To extract logs from clients you can extract logs from every client in either XML or CSV format

Has anyone on-boarded these logs before, or does anyone have any suggestions?
Thank you



0 Replies