"description": "Configure the facilities you want to collect and their severities. "linkType": "InstallAgentOnLinuxNonAzure " "description": "Download the agent on the relevant machine and follow the instructions. "title": "Install agent on a non-Azure Linux Machine ", "linkType": "InstallAgentOnLinuxVirtualMachine " "description": "Select the machine to install the agent on and then click **Connect**. "title": "Install agent on Azure Linux Virtual Machine ", "title": "Choose where to install the agent: ", \n\n> Syslog logs are collected only from **Linux** agents. "description": "Typically, you should install the agent on a different computer from the one on which the logs are generated. Install and onboard the agent for Linux ", () to use the Kusto function alias, **SymantecEndpointProtection** ", "description": ">This data connector depends on a parser based on a Kusto Function to work as expected. "description": "must be configured to export logs via Syslog " "name": "Symantec Endpoint Protection (SEP) ",
"permissionsDisplayText": "write permission is required. "provider": "Microsoft.OperationalInsights/workspaces ", "SymantecEndpointProtection \n | where TimeGenerated > ago(3d) \n |take 1 \n | project IsConnected = true " "lastDataReceivedQuery": "SymantecEndpointProtection \n | summarize Time = max(TimeGenerated) \n | where isnotempty(Time) "
"name": "Syslog (SymantecEndpointProtection) ", "query": "SymantecEndpointProtection \n | summarize count() by UserName \n| top 10 by count_ "
"query": "SymantecEndpointProtection \n | summarize count() by LogType \n| top 10 by count_ " "baseQuery": "SymantecEndpointProtection " Follow the steps to use this Kusto functions alias **SEP** in queries and workbooks. "additionalRequirementBanner": "These queries and workbooks are dependent on a parser based on a Kusto Function to work as expected. This gives you more insight into your organization's network and improves your security operation capabilities.
"descriptionMarkdown": "The () connector allows you to easily connect your SEP logs with Microsoft Sentinel. "title": "Symantec Endpoint Protection ",
0 kommentar(er)
