Hi,
is there an easy way to send logs to Azure Sentinel? Has anyone tried to output logs to TCP Syslog and use CEF connector on Sentinel’s side? Or maybe a plugin to push it through Azure Event Hub?
Hello && Welcome
Personally I have not but we do work with MS Azure.
There are a couple different Output available you could try.
With the enterprise version (under 5Gb day) its free . Maybe one of those Outputs might work for you.
Yes, I am thinking about TCP Syslog and connecting with CEF connector on Sentinel’s side.
Hello,
From the picture I showed above, perhaps try a Forwarder Output on your Stream
I believe this for a Enterprise license. I personal haven’t forward logs to another different remote device
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.