Sentinel Github repository's sample data


How do we ingest some of the sample data that is in the Azure Sentinel GitHub repository? In particular the Syslog and CEF data. They are stored as JSON and CSV files, but if I use the REST API or PowerShell commands, can I write directly to Syslog or CommonSecurityLog?

1 Reply
Writing to native tables isn't supported (it is being investigated); you have to use custom tables (_CL).
I often use sample data in a Watchlist, so CSV is good for that.
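As an added example (not part of the original thread and not Microsoft's or the Sentinel repository's own code), the following PowerShell script shows the custom-table route the reply describes: it reads a JSON sample file and posts it to a Log Analytics workspace with the HTTP Data Collector API, so the records land in a table named after the chosen log type with the `_CL` suffix. The workspace ID and shared key are read from environment variables, and the sample path, the `SentinelSampleSyslog` log type and the `TimeGenerated` time field are placeholders chosen for the example; none of these come from the thread.

```powershell
# Added example: ingest JSON sample records into a custom Log Analytics table
# (<LogType>_CL) through the HTTP Data Collector API. Not from the original post.
# Assumed settings (placeholders, not from the thread):
$WorkspaceId = $env:LAW_WORKSPACE_ID    # workspace (customer) ID
$SharedKey   = $env:LAW_SHARED_KEY      # primary or secondary key; keep it out of scripts and repos
$LogType     = 'SentinelSampleSyslog'   # data appears as SentinelSampleSyslog_CL
$SamplePath  = '.\sample.json'          # a JSON array of records saved from the GitHub repo
$TimeField   = 'TimeGenerated'          # record field holding an ISO 8601 timestamp; omit to use ingest time
$BatchSize   = 500                      # keeps each POST well under the API's 30 MB per-call limit

function New-DataCollectorSignature {
    param([string]$WorkspaceId, [string]$SharedKey, [string]$Date, [int]$ContentLength)
    # The API signs: method, body length, content type, x-ms-date header and resource path,
    # with HMAC-SHA256 keyed by the base64-decoded shared key.
    $stringToSign = "POST`n$ContentLength`napplication/json`nx-ms-date:$Date`n/api/logs"
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = [Convert]::FromBase64String($SharedKey)
    $hash = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
    return "SharedKey ${WorkspaceId}:$([Convert]::ToBase64String($hash))"
}

function Send-LogAnalyticsData {
    param([string]$WorkspaceId, [string]$SharedKey, [string]$LogType, [string]$TimeField, [byte[]]$Body)
    $rfc1123Date = [DateTime]::UtcNow.ToString('r')
    $signature = New-DataCollectorSignature -WorkspaceId $WorkspaceId -SharedKey $SharedKey `
                                            -Date $rfc1123Date -ContentLength $Body.Length
    $uri = "https://$WorkspaceId.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    $headers = @{
        'Authorization'        = $signature
        'Log-Type'             = $LogType      # table name without the _CL suffix
        'x-ms-date'            = $rfc1123Date  # must match the date used in the signature
        'time-generated-field' = $TimeField
    }
    $response = Invoke-WebRequest -Uri $uri -Method Post -ContentType 'application/json' `
                                  -Headers $headers -Body $Body -UseBasicParsing
    return $response.StatusCode   # 200 = accepted; rows show up in <LogType>_CL after a few minutes
}

# Read the sample file as an array (a single-object file still becomes a one-element array)
# and send it in batches so a large sample set does not exceed the per-call size limit.
$records = @(Get-Content -Raw -Path $SamplePath | ConvertFrom-Json)
for ($i = 0; $i -lt $records.Count; $i += $BatchSize) {
    $last  = [Math]::Min($i + $BatchSize, $records.Count) - 1
    $json  = ConvertTo-Json -InputObject @($records[$i..$last]) -Depth 10 -Compress
    $body  = [Text.Encoding]::UTF8.GetBytes($json)   # sign and send the exact bytes that go on the wire
    $status = Send-LogAnalyticsData -WorkspaceId $WorkspaceId -SharedKey $SharedKey `
                                    -LogType $LogType -TimeField $TimeField -Body $body
    Write-Host "Records $i..$last -> HTTP $status"
}
```

Two caveats worth knowing before relying on this for testing detections. First, the Data Collector API types columns from the first record it sees and appends type suffixes (for example `SyslogMessage_s`, `EventTime_t`), so the resulting `_CL` table does not share the schema of the native `Syslog` or `CommonSecurityLog` tables; analytics rules written against those tables need to be pointed at the custom table or at a KQL function that maps the columns back. Second, this API is the older ingestion path; the newer Logs Ingestion API sends data through a data collection rule and endpoint and authenticates with Azure AD rather than a workspace shared key, which is the better choice for anything beyond one-off sample loading.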