HA13029
Jul 19, 2024 | Brass Contributor
CommonSecurityLog and DCR Table Transformation
Hi all, I'm trying to filter incoming events coming from a firewall (Fortigate) into the CommonSecurityLog Table using DCR Transformation. The idea is FW-->AMA Agent--->DCR Transformation (filter me...
- Jul 21, 2024
Hello HA13029,
Try the 4th step from here: (2) Filter & Split Firewall/CEF logs into multiple Sentinel tables (analytics/basic tier) to save in ingestion costs | LinkedIn
You can transform the logs in the DCR. Just edit it and add the KQL you mentioned in your question.
It should work well.