Dec 19 2020 03:12 AM
I have been exploring Sentinel for quite some time now but I'm unable to figure out how to see the raw logs coming in from different sources. We can see them on other SIEM solutions like QRadar/Splunk.
To explain better: I want to see what logs have come in from a specific machine in the last 1 hour.
Dec 20 2020 07:31 AM
@yaniys04 I do not believe the raw logs coming via Syslog or CEF are stored anywhere. You can write your queries to be able to see the information coming from individual machines as long as that information is being passed in.
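As an added example (not part of either post above), here is one way to write the kind of query the answer suggests in the Sentinel Logs blade: it pulls everything the workspace received from one host in the last hour from both the Syslog table and the CEF table (CommonSecurityLog) and lists it newest first. The hostname "web01" and the 1h window are placeholders to adjust.

```kusto
// Added example, not from the original thread.
// Show every Syslog and CEF record Sentinel ingested from one host in the last hour.
// "web01" is a placeholder hostname; replace it with the machine you are investigating.
let lookback = 1h;
let target_host = "web01";
// Syslog table: SyslogMessage carries the message body as it arrived from the forwarder.
let syslogEvents = Syslog
    | where TimeGenerated > ago(lookback)
    | where Computer == target_host or HostName == target_host
    | project TimeGenerated, Source = "Syslog", Host = Computer,
              Facility, SeverityLevel, ProcessName, Message = SyslogMessage;
// CEF table: parsed CEF header fields plus the message text; unparsed key=value pairs
// land in AdditionalExtensions, which is the closest thing to "raw" for CEF.
let cefEvents = CommonSecurityLog
    | where TimeGenerated > ago(lookback)
    | where Computer == target_host or DeviceName == target_host
    | project TimeGenerated, Source = "CEF", Host = Computer,
              DeviceVendor, DeviceProduct, Activity, Message, AdditionalExtensions;
union syslogEvents, cefEvents
| order by TimeGenerated desc
```

To first find out which hosts actually sent anything in that window (useful when a forwarder is silently dropping a source), replace the final two lines with `| summarize Events = count(), Latest = max(TimeGenerated) by Source, Host` and drop the host filter; a host that is missing from that list, or whose `Latest` value is stale, is the collection problem to chase rather than a query problem.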