
Sentinel Github repository's sample data


How do we ingest some of the sample data that is in the Azure Sentinel GitHub repository? In particular the Syslog and CEF data. They are stored as JSON and CSV files, but if I use the REST API or PowerShell commands, can I write directly to Syslog or CommonSecurityLog?

1 Reply
Writing to native tables isn't supported (being investigated); you have to use Custom Tables - _CL.
I often use sample data in a Watchlist, so CSV is good for that.