@hamzajeljeli The Azure Sentinel CEF will not be able to do anything, it just takes the information from McAfee and forwards the data along.   You would need to go into the McAfee product and see if it can send old logs to the CEF connector.

 

Keep in mind the Timestamp column in the CommonSecurityLog is when the data was RECEIVED, it may not be the same as when the data was created in the McAfee product.

www.000webhost.com