Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
The Checkpoint data connector was recently connected to Microsoft Sentinel.
I have now realized the duplicate events are coming from both the syslog table and the commonsecurity table.
I want to stop syslog events coming to Sentinel and let them be ingested via commonsecurity logs.
The above issue has resulted in high ingestion cost. I would appreciate it if you could share a prompt solution.
Please see this (the screenshot) https://techcommunity.microsoft.com/t5/microsoft-sentinel/urgent-cef-syslog-duplication-issue/m-p/2474682
I hope this answers your question; if so, please Accept.