SOLVED

Sentinel Workbooks and Analytic Rule for different workspace

Contributor

Hello,

 

I have a scenario need to ask if it's applicable.

I need to have multiple workbook(customized dashboard), each workbook is linked with different Log analytic workspace data.

For example Log analytic workspace for servers, Log analytic workspace for F5 firewall, Log analytic workspace for Palo Alto firewall, and each workspace has it own logs data, it's workbooks(dashboard) and it's analytic rules.

Is there a way to implement this scenario.

 

BR,

1 Reply
best response confirmed by Qusai_Ismail (Contributor)
Solution

Hello @Qusai_Ismail,

 

I think you will have to build Sentinels for each of the mentioned systems if you want to have different workspaces, logs data, and analytic rules per system (connector). 

 

Check the best response in this post please: Send to Sentinel logs from many Log Analytics - Microsoft Tech Community

Probably this can provide you with more information.