We are new to Sentinel, and we have integrated Pulse Secure VPN logs into our Sentinel through syslog and we see some logs coming in. We would like to know the below:
1) We are seeing very minimal attributes in the logs; please refer to the screenshot below. How do we enable additional attributes?
2) We are trying to see if we have the most common rules enabled, like multiple logon failures, etc., which we do not see anywhere. Is there a way to enable those rules or download them, or a website which helps us to write the rules?
3) We are using FortiSIEM as our SIEM. Is there a way we can translate the rules from FortiSIEM to Sentinel KQL? Is there any third-party software which transforms the XML format to KQL queries without errors? We are ready to buy. Also, is there any consulting team who can help us?
4) We have also set up a Linux server and installed AMA on it to send Syslog to Sentinel.
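As an added example (not part of the original post, and not one of Microsoft's or Pulse Secure's own rules), the following KQL shows what a "multiple logon failures" analytic over syslog-ingested VPN logs looks like. The `datatable` at the top is constructed sample data so the query runs stand-alone in the Logs blade; the message text, the `Login failed for user '...' from ...` pattern, and the `SourceIP`/`User` field names are assumptions and must be adjusted to whatever actually appears in the `SyslogMessage` column for the Pulse Secure appliance (the real messages carry their own event IDs and wording).

```kusto
// Added example: repeated VPN logon failures per source address.
// Replace the `sample` datatable with the real Syslog table in production:
//   let sample = Syslog | where TimeGenerated > ago(lookback);
let lookback = 15m;        // evaluation window
let threshold = 5;         // failures per source per window before alerting
// Constructed sample rows; the message format is an assumption, not the real Pulse Secure text.
let sample = datatable(TimeGenerated: datetime, Computer: string, SyslogMessage: string) [
    datetime(2024-01-01 10:00:05), "pulse-vpn-01", "Login failed for user 'alice' from 203.0.113.10",
    datetime(2024-01-01 10:00:09), "pulse-vpn-01", "Login failed for user 'bob' from 203.0.113.10",
    datetime(2024-01-01 10:00:14), "pulse-vpn-01", "Login failed for user 'carol' from 203.0.113.10",
    datetime(2024-01-01 10:00:20), "pulse-vpn-01", "Login failed for user 'dave' from 203.0.113.10",
    datetime(2024-01-01 10:00:27), "pulse-vpn-01", "Login failed for user 'erin' from 203.0.113.10",
    datetime(2024-01-01 10:00:33), "pulse-vpn-01", "Login failed for user 'frank' from 203.0.113.10",
    datetime(2024-01-01 10:02:00), "pulse-vpn-01", "Login failed for user 'alice' from 198.51.100.7",
    datetime(2024-01-01 10:02:30), "pulse-vpn-01", "Login failed for user 'alice' from 198.51.100.7",
    datetime(2024-01-01 10:03:00), "pulse-vpn-01", "Login succeeded for user 'alice' from 198.51.100.7"
];
sample
// Keep only failure events; `has` is term-indexed and cheaper than `contains`.
| where SyslogMessage has "Login failed"
// Pull the user and source address out of the free-text message.
| parse SyslogMessage with * "user '" User "' from " SourceIP
// Count failures per source in each window; DistinctUsers > 1 points at a spray rather than a typo.
| summarize FailureCount = count(),
            DistinctUsers = dcount(User),
            Users = make_set(User, 20),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by SourceIP, Computer, bin(TimeGenerated, lookback)
| where FailureCount >= threshold
| project TimeGenerated, Computer, SourceIP, FailureCount, DistinctUsers, Users, FirstSeen, LastSeen
| order by FailureCount desc
```

With the constructed rows above, only 203.0.113.10 (six failures across six users) crosses the threshold; 198.51.100.7 stays below it. To turn this into an alert, paste the query into Analytics > Create > Scheduled query rule, set the run frequency and lookup period to match `lookback`, and map `SourceIP` and `User` as entities so incidents carry them. If the Pulse Secure messages are truncated or arrive with few fields, the fix is on the appliance's syslog configuration (the filter/format applied to the syslog destination), not in KQL; also check the Content Hub for a Pulse Secure solution, since a vendor-specific parser there would replace the hand-written `parse` step.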