Forum Discussion
HA13029
Jul 19, 2024 Brass Contributor
CommonSecurityLog and DCR Table Transformation
Hi all, I'm trying to filter incoming events coming from a firewall (Fortigate) into the CommonSecurityLog Table using DCR Transformation. The idea is FW-->AMA Agent--->DCR Transformation (filter me...
mikhailf
Jul 21, 2024 Steel Contributor
Hello HA13029,
Try the 4th step from here: (2) Filter & Split Firewall/CEF logs into multiple Sentinel tables (analytics/basic tier) to save in ingestion costs | LinkedIn
You can transform the logs in the DCR. Just edit it and add the KQL you mentioned in your question.
It should work well.
HA13029
Jul 23, 2024 Brass Contributor
Hi all,
First, thanks a lot for your help!
Filtering is working fine now!
Thanks again
HA