Sample Data from Community GitHub to Sentinel

New Contributor

Hi, what’s the easiest way to ingest the sample csv/json files found at https://github.com/Azure/Azure-Sentinel/tree/master/Sample%20Data to my Sentinel instance please? Mainly interested in the CEF and Custom samples.

2 Replies
Easiest way would be to use the PowerShell upload script here - https://docs.microsoft.com/en-us/azure/sentinel/create-custom-connector#connect-with-powershell. Obviously using Import-Csv and Import-Json where relevant.

The problem for CEF data is that you can only use the API/PowerShell to upload to custom tables. So the data won't show up in the CommonSecurityLog table. The only way I know to get those logs into the correct table is unfortunately complex. It requires setting up an OMS agent on a linux host, and configuring rsyslog to ingest those files and forward them to the OMS agent.
Thank you, I will try the PowerShell script! :)

I do have a linux host with the OMS agent but couldn't figure out how to correctly add the files to syslog. I've tried something like logger -f sampledata.json -t CEF but that didn't work :(