F5 BIG-IP connector for Microsoft Sentinel
The F5 firewall connector allows you to easily connect your F5 logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | F5Telemetry_LTM_CL F5Telemetry_system_CL F5Telemetry_ASM_CL |
| Data collection rules support | Not currently supported |
| Supported by | F5 Networks |
Query samples
Count how many LTM logs have been generated from different client IP addresses over time
F5Telemetry_LTM_CL
| summarize count() by client_ip_s, TimeGenerated
| sort by TimeGenerated
Present the System Telemetry host names
F5Telemetry_system_CL
| project hostname_s
| sort by TimeGenerated
Count how many ASM logs have been generated from different locations
F5Telemetry_ASM_CL
| summarize count() by geo_location_s
Vendor installation instructions
Configure and connect F5 BIGIP
To connect your F5 BIGIP, you have to post a JSON declaration to the system’s API endpoint. For instructions on how to do this, see Integrating the F5 BGIP with Microsoft Sentinel.
Next steps
For more information, go to the related solution in the Azure Marketplace.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for