Hi ppal,
Sadly F5 hasn't done much to improve their support for Sentinel.
What I'm seeing in Google and YouTube is likely the same stuff you're finding.
F5 BIG-IP - use cases for Sentinel
Hello,
We have integrated F5 BIG-IP for a customer, but there are no use cases for Sentinel. There didn't seem to be any in the Content Hub, nor in GitHub.
Has anyone written any KQL for F5 BIG-IP?
The following tables seem to produce valuable information, imo:
Microsoft Security | Microsoft Sentinel
David Broggy 6,371 Reputation points MVP Volunteer Moderator
2022-10-18T03:27:33.91+00:00
1 additional answer
Antony Millington 0 Reputation points
2023-09-27T10:07:11.3733333+00:00
Hi Georgi,
Yes, F5 do have workbooks in the Content Hub. They cover system reporting, ASM and traffic statistics. The reporting from F5 into the Sentinel Log Analytics workspace is excellent though, so simple Kusto queries can give you most stuff you need to generate your own workbooks. You just need to make sure you have set up logging to Azure via Telemetry Streaming and that everything you need is being pushed to the log destination pointing to Azure.
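
A starting point for the kind of simple Kusto query mentioned in the answer above, added here as an example and not part of either answer or of F5's content. It assumes ASM events arrive through Telemetry Streaming in a custom table named `F5Telemetry_ASM_CL` with string columns `request_status_s`, `attack_type_s`, `ip_client_s`, `policy_name_s` and `uri_s`; confirm the table and column names in your own workspace, since they depend on the Telemetry Streaming configuration. The thresholds are constructed values to tune.

```kql
// Added example (not from the thread): clients whose requests BIG-IP ASM
// blocked or alerted on during the lookback window.
// ASSUMPTION: table and column names below match your workspace schema.
let lookback = 24h;
let minBlocked = 20;        // constructed threshold, tune per environment
let minAttackTypes = 3;     // constructed threshold, tune per environment
F5Telemetry_ASM_CL
| where TimeGenerated > ago(lookback)
// Keep only requests the WAF policy acted on or flagged.
| where request_status_s in ("blocked", "alerted")
| where isnotempty(attack_type_s)
| summarize
    Requests    = count(),
    Blocked     = countif(request_status_s == "blocked"),
    // attack_type_s may hold several comma-separated types in one event;
    // each distinct string is counted as one entry here.
    AttackTypes = make_set(attack_type_s, 20),
    Policies    = make_set(policy_name_s, 10),
    SampleUris  = make_set(uri_s, 5),
    FirstSeen   = min(TimeGenerated),
    LastSeen    = max(TimeGenerated)
  by ClientIP = ip_client_s
// Surface sources that are either noisy or probing with varied techniques.
| where Blocked >= minBlocked or array_length(AttackTypes) >= minAttackTypes
| order by Blocked desc
```

If the query returns nothing, check that the ASM logging profile is attached to the virtual server and that its events reach the Azure log destination before adjusting the thresholds.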