data connector issue Microsoft sentinel

Nimantha Deshappriya 21 Reputation points
2022-10-18T05:12:32.507+00:00

Checkpoint data connector was recently connected to Microsoft Sentinel.

I have now realized the duplicate events are coming from both syslog table and commonsecurity table.

251451-1.png

I want to stop syslogs event coming to sentinel and let it ingest via commonsecurity logs.

This above issue has resulted in high ingestion cost. Appreciate if you can share a prompt solution

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,019 questions
0 comments No comments
{count} votes

0 additional answers

Sort by: Most helpful