Jul 12 2022 12:57 PM
Hi there,
We have a requirement where a customer has a Palo Alto firewall which is integrated with Sentinel. The maximum ingestion is coming from "drop" and "end" events/logs. The client wants to send these logs directly to Azure Data Explorer rather than Sentinel, since sending them to Sentinel will incur excessive cost; also, these events add little value in terms of security alerting.
What's the best way to filter and send these two categories of logs directly to Azure Data Explorer rather than Sentinel? Note: we want to send other events to Sentinel, but not the two mentioned above.
Any help will be appreciated.
Thanks
Fahad.
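The split the question asks for has to happen before ingestion, wherever the syslog stream is forwarded: the forwarder classifies each line by PAN-OS log type and subtype and sends TRAFFIC "end" and "drop" records to the ADX path while everything else continues to Sentinel. The following is an added example to illustrate that classification logic; it is not code from this thread, from Palo Alto Networks or from Microsoft. It assumes the firewall emits the default PAN-OS CSV syslog format (Type in field 3, Subtype in field 4 of the comma-separated body, 0-based), not CEF, and the sample lines are constructed, with shortened tails and made-up serial numbers and addresses.

```python
import csv
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Field positions in the comma-separated body of a PAN-OS syslog message (0-based),
# from the documented TRAFFIC log layout:
#   0 = FUTURE_USE, 1 = Receive Time, 2 = Serial Number, 3 = Type, 4 = Subtype.
# Assumption of this example: default PAN-OS CSV format, not CEF.
TYPE_IDX = 3
SUBTYPE_IDX = 4

# TRAFFIC subtypes the thread wants kept out of Sentinel and sent to ADX instead.
LOW_VALUE_TRAFFIC_SUBTYPES = {"drop", "end"}

# Constructed sample lines (not real firewall output); tails are shortened.
SAMPLE_LINES = [
    "<14>Jul 12 12:57:01 pa-fw 1,2022/07/12 12:57:01,0001A0000001,TRAFFIC,end,2560,2022/07/12 12:57:01,10.0.0.5,93.184.216.34,0.0.0.0,0.0.0.0,allow-web,,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,default,2022/07/12 12:57:01,12345,1,51000,443,0,0,0x0,tcp,allow",
    "<14>Jul 12 12:57:02 pa-fw 1,2022/07/12 12:57:02,0001A0000001,TRAFFIC,drop,2560,2022/07/12 12:57:02,198.51.100.7,10.0.0.5,0.0.0.0,0.0.0.0,interzone-default,,,not-applicable,vsys1,untrust,trust,ethernet1/1,ethernet1/2,default,2022/07/12 12:57:02,12346,1,40000,23,0,0,0x0,tcp,drop",
    "<14>Jul 12 12:57:03 pa-fw 1,2022/07/12 12:57:03,0001A0000001,TRAFFIC,start,2560,2022/07/12 12:57:03,10.0.0.5,93.184.216.34,0.0.0.0,0.0.0.0,allow-web",
    # THREAT log whose *action* is drop: subtype is "vulnerability", so it must stay in Sentinel.
    "<14>Jul 12 12:57:04 pa-fw 1,2022/07/12 12:57:04,0001A0000001,THREAT,vulnerability,2560,2022/07/12 12:57:04,198.51.100.7,10.0.0.5,\"Apache Struts, remote code execution(12345)\",drop",
    # Malformed line: no CSV body at all.
    "<14>Jul 12 12:57:05 pa-fw not a firewall log at all",
]


def parse_pan_log(line: str) -> Optional[Tuple[str, str]]:
    """Return (type, subtype) for a PAN-OS CSV syslog line, or None if it cannot be parsed.

    The syslog header ("<PRI>Mon dd hh:mm:ss host ") is separated from the CSV body by a
    space, and the body's first field (FUTURE_USE) never contains a space, so the body
    starts right after the last space before the first comma. csv.reader handles the
    quoted fields PAN-OS emits when a value itself contains a comma.
    """
    first_comma = line.find(",")
    if first_comma == -1:
        return None
    body_start = line.rfind(" ", 0, first_comma) + 1
    fields = next(csv.reader([line[body_start:]]))
    if len(fields) <= SUBTYPE_IDX:
        return None
    return fields[TYPE_IDX].strip(), fields[SUBTYPE_IDX].strip().lower()


def route(line: str) -> str:
    """Decide the destination ("adx" or "sentinel") for one log line.

    Routing keys on log type + subtype, not on the action column, so a THREAT log that
    happened to drop the session is still delivered to the SIEM. Anything that does not
    parse is sent to Sentinel as well: a parser gap must never silently divert
    security-relevant events away from alerting.
    """
    parsed = parse_pan_log(line)
    if parsed is None:
        return "sentinel"
    log_type, subtype = parsed
    if log_type == "TRAFFIC" and subtype in LOW_VALUE_TRAFFIC_SUBTYPES:
        return "adx"
    return "sentinel"


def split_batch(lines: List[str]) -> Dict[str, List[str]]:
    """Group a batch of lines by destination; a forwarder would flush each bucket to its sink."""
    buckets: Dict[str, List[str]] = defaultdict(list)
    for line in lines:
        buckets[route(line)].append(line)
    return dict(buckets)


if __name__ == "__main__":
    for dest, lines in split_batch(SAMPLE_LINES).items():
        print(f"{dest}: {len(lines)} line(s)")
        for line in lines:
            print("   ", parse_pan_log(line), line[:60])
```

The two design choices worth carrying into whatever forwarder actually does the split are the fail-safe default (unparseable or unexpected records go to Sentinel, never to the cheap path) and keying on type and subtype rather than on the action field, so that threat events which were dropped by the firewall are not confused with the high-volume TRAFFIC drop records.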
Jul 13 2022 01:00 AM
Jul 13 2022 11:16 AM - edited Jul 13 2022 11:17 AM
@Clive_Watson Thanks, it was really helpful; much appreciated, your prompt response. I see the solution is currently in preview and I have already requested access to be added in my subscription and am now waiting.
Thanks once again for the pointers.
Fahad.
Jul 13 2022 12:05 PM
Jul 13 2022 03:02 PM