Microsoft Tech Community

Raw Logs Extraction


Hello everybody, I'd like to understand if in Azure Sentinel there is any way to extract the raw logs, without any parsing or normalization, for example a full syslog like the following one and not the table with already extracted fields (EventTime, Facility, SeverityLevel, Hostname, SyslogMessage):
<34>1 2020-10-11T22:14:15.003Z host.domain - example message

Thank you in advance for any hint.

1 Reply
I do not believe there is a way to do that inside of MS Sentinel since the data has already been parsed once it gets there. You may be able to create a custom connector that can read the data from the Syslog server and save it in a custom table.
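As an added illustration (not code from the poster or from Microsoft) of what the Syslog table's parsing does to the line quoted in the question, and of how a custom ingestion path could keep the verbatim line next to the extracted fields: the Python below parses the PRI/version/timestamp/host header, derives Facility and SeverityLevel from PRI, and stores the untouched line in its own column. Because the sample in the question abbreviates the full RFC 5424 header, everything after the hostname is treated as the message body with leading nil-value ("-") placeholders dropped; that treatment and the column names are assumptions of this example.

```python
import json
import re
from dataclasses import dataclass, asdict

# Severity names for PRI & 7 (RFC 5424 section 6.2.1: PRI = facility*8 + severity)
SEVERITY_NAMES = ["Emergency", "Alert", "Critical", "Error",
                  "Warning", "Notice", "Informational", "Debug"]

# Header up to HOSTNAME only. Everything after it is kept as the body because the
# sample in the question omits APP-NAME, PROCID, MSGID and STRUCTURED-DATA
# (assumption made for this example, not a general RFC 5424 parser).
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<ts>\S+) (?P<host>\S+)(?: (?P<rest>.*))?$"
)

@dataclass
class SyslogRow:
    # Column names follow the Sentinel Syslog table columns named in the question
    EventTime: str
    Facility: int
    SeverityLevel: int
    SeverityName: str
    HostName: str
    SyslogMessage: str
    RawMessage: str  # verbatim line: the part a custom table would need to keep

def parse_syslog_line(line: str) -> SyslogRow:
    """Extract the usual fields from one syslog line while preserving the raw text."""
    m = _HEADER.match(line)
    if not m:
        raise ValueError(f"unrecognised syslog header: {line!r}")
    pri = int(m.group("pri"))
    if pri > 191:  # highest legal value: facility 23, severity 7
        raise ValueError(f"PRI {pri} out of range")
    tokens = (m.group("rest") or "").split(" ")
    while tokens and tokens[0] == "-":  # drop leading nil-value placeholders
        tokens.pop(0)
    severity = pri & 0x7
    return SyslogRow(EventTime=m.group("ts"), Facility=pri >> 3,
                     SeverityLevel=severity, SeverityName=SEVERITY_NAMES[severity],
                     HostName=m.group("host"), SyslogMessage=" ".join(tokens),
                     RawMessage=line)

def to_custom_table_rows(lines) -> list:
    """Shape parsed lines as JSON-serialisable rows for a custom table ingestion step."""
    return [asdict(parse_syslog_line(l)) for l in lines if l.strip()]

if __name__ == "__main__":
    # Constructed input: the line from the question plus one further made-up line
    sample = ["<34>1 2020-10-11T22:14:15.003Z host.domain - example message",
              "<165>1 2020-10-11T22:14:16.000Z gw.domain - - - - tunnel down"]
    print(json.dumps(to_custom_table_rows(sample), indent=2))
```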