colinc10
Feb 12, 2025 | Copper Contributor
Help Ingesting PingID Logs into Microsoft Sentinel
Hello, Microsoft Sentinel has a Data Connector for PingFederate, however this does not capture other PingIdentity products. Namely, PingID logs. Making this post asking if there are any ways...
luchete
Feb 13, 2025 | Steel Contributor
Hi colinc10,
Unfortunately, as far as I know, there isn't a direct data connector for PingID logs in Sentinel.
However, you can still ingest PingID logs by using Custom Logs in Sentinel. This involves setting up your PingID logs to send data to an Azure Log Analytics workspace.
First, you'll need to configure PingID to export its logs, typically through syslog or another supported protocol, and direct them to the Log Analytics workspace. Once the logs are in the workspace, you can set up a Custom Log in Sentinel to capture the data and parse it as needed. You may need to create a custom KQL query to properly format and search through these logs.
I had a similar case a couple of years ago, and reading the official documentation, some of the guidance is now deprecated. (https://learn.microsoft.com/en-us/previous-versions/azure/sentinel/connect-custom-logs?tabs=DCG)
But hopefully it may give you an idea on how to work your way around.
Regards