1,299 questions
Please see this (the screenshot) https://techcommunity.microsoft.com/t5/microsoft-sentinel/urgent-cef-syslog-duplication-issue/m-p/2474682
I hope this answers your question, if so please Accept
data connector issue Microsoft sentinel
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 45%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3END%3C/text%3E%3C/svg%3E)
Nimantha Deshappriya
21
Reputation points
Checkpoint data connector was recently connected to Microsoft Sentinel.
I have now realized the duplicate events are coming from both syslog table and commonsecurity table.
I want to stop syslogs event coming to sentinel and let it ingest via commonsecurity logs.
This above issue has resulted in high ingestion cost. Appreciate if you can share a prompt solution
Microsoft Security Microsoft Sentinel
Accepted answer
-
Clive Watson 7,866 Reputation points MVP Volunteer Moderator2022-10-18T08:31:40.767+00:00