Sample Data from Community GitHub to Sentinel

Hi, what’s the easiest way to ingest the sample csv/json files found at https://github.com/Azure/Azure-Sentinel/tree/master/Sample%20Data to my Sentinel instance please? Mainly interested in the CEF and Custom samples.

2 Replies
Easiest way would be to use the PowerShell upload script here - https://docs.microsoft.com/en-us/azure/sentinel/create-custom-connector#connect-with-powershell. Obviously using Import-Csv and Import-Json where relevant.

The problem for CEF data is that you can only use the API/PowerShell to upload to custom tables. So the data won't show up in the CommonSecurityLog table. The only way I know to get those logs into the correct table is unfortunately complex. It requires setting up an OMS agent on a Linux host, and configuring rsyslog to ingest those files and forward them to the OMS agent.

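As an added illustration of the custom-table route the reply above describes (this is example code written for this page, not the script from the Microsoft docs or anything from the Azure-Sentinel repository): it reads one sample file with Import-Csv (or ConvertFrom-Json for the .json samples), signs the request for the Log Analytics HTTP Data Collector API, and posts it into a custom table. The workspace ID, shared key, sample path and log type are placeholders you must set; the resulting table is named from $LogType with a _CL suffix.

```powershell
# Placeholders (assumptions): fill in your own workspace ID, shared key and sample path.
$WorkspaceId = "<workspace-id>"                    # Log Analytics workspace ID
$SharedKey   = "<primary-or-secondary-key>"        # workspace shared key (base64)
$SamplePath  = ".\Sample Data\Custom\sample.csv"   # hypothetical local copy of a sample file
$LogType     = "SentinelSample"                    # data lands in the SentinelSample_CL table

# The Data Collector API authenticates with an HMAC-SHA256 "SharedKey" signature over
# "POST\n<content length>\napplication/json\nx-ms-date:<RFC1123 date>\n/api/logs".
function Build-Signature {
    param([string]$WorkspaceId, [string]$SharedKey, [string]$Date, [int]$ContentLength)
    $stringToHash = "POST`n$ContentLength`napplication/json`nx-ms-date:$Date`n/api/logs"
    $bytesToHash  = [Text.Encoding]::UTF8.GetBytes($stringToHash)
    $hmac         = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key     = [Convert]::FromBase64String($SharedKey)
    $hash         = [Convert]::ToBase64String($hmac.ComputeHash($bytesToHash))
    return "SharedKey ${WorkspaceId}:${hash}"
}

function Send-SampleFile {
    param([string]$Path, [string]$LogType)
    # CSV samples come in as flat string fields; JSON samples keep their own structure.
    if ($Path -like "*.csv") {
        $records = Import-Csv -Path $Path
    } else {
        $records = Get-Content -Raw -Path $Path | ConvertFrom-Json
    }
    # The API wants a JSON array; -InputObject @(...) keeps a single record as an array too.
    $json = ConvertTo-Json -InputObject @($records) -Depth 10
    $body = [Text.Encoding]::UTF8.GetBytes($json)
    $rfc1123date = [DateTime]::UtcNow.ToString("r")
    $signature = Build-Signature -WorkspaceId $WorkspaceId -SharedKey $SharedKey `
                                 -Date $rfc1123date -ContentLength $body.Length
    $uri = "https://$WorkspaceId.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    $headers = @{
        "Authorization" = $signature
        "Log-Type"      = $LogType      # custom table name, without the _CL suffix
        "x-ms-date"     = $rfc1123date
    }
    # HTTP 200 means the batch was accepted; the table usually fills within a few minutes.
    $response = Invoke-WebRequest -Uri $uri -Method Post -ContentType "application/json" `
                                  -Headers $headers -Body $body -UseBasicParsing
    return $response.StatusCode
}

Send-SampleFile -Path $SamplePath -LogType $LogType
```

Rows posted this way only ever reach the custom table named by Log-Type, which is exactly why the CEF samples will not appear in CommonSecurityLog through this path.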
Thank you, I will try the PowerShell script! :)

I do have a Linux host with the OMS agent but couldn't figure out how to correctly add the files to syslog. I've tried something like logger -f sampledata.json -t CEF but that didn't work :(