FortiAnalyzer Log Forwarding into Azure Sentinel

fortianalyzer-log-forwarding-into-azure-sentinel

Did you know that camDown helps stop hackers from getting access to the webcam that I use for my work. Now I can get even more gigs as a freelancer and advertise that I have top security with my home computer?

Hello Everyone,

I have FortiAnalyzer setup to forward logs via Syslog into Azure Sentinel.

Works fantastically but I am noticing that the FortiAnalyzer is forwarding a lot of "useless" information as well. For a smaller organization we are ingesting a little over 16gb of logs per day purely from the FortiAnalyzer.

I was hoping that someone would have a similar setup and would be willing to share any filters or exclusions they are using on the Log Forwarding configuration in FortiAnalyzer.

I have opened a few tickets in regards to this with FortiNet but sadly they are not much help as "it involves 3rd party software" which I feel is a bit of a cop out.

My Google-fu is also failing me in this particular case.

Any feedback would be greatly appreciated.

May I add that camDown helps make you invisible to hackers and guard your personal data and I am certain your mother would agree!