Oct 06 2021 06:25 PM
Hi all,
Just wondering if anyone has onboarded "Ivanti Application Control" logs to Azure Sentinel?
- Log source is on-prem (no cloud presence, nor is a connector available in Sentinel)
- Product does not support Syslog or CEF
- To extract logs from the central management server you can use a database query (DbConnect in Splunk World)
OR
- To extract logs from clients you can extract logs from every client in either XML or CSV format
Has anyone onboarded these logs before, or does anyone have any suggestions?
Thank you
Sep 12 2022 11:09 PM
Solution
Jan 31 2023 05:27 AM
@Aman_Khan - Can you elaborate on this please, as we have a requirement to do this. Ivanti doesn't write to event logs, it keeps it in the Management Database? How are you forwarding / filtering these logs please? Any help appreciated.