Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License
4.59k stars 3.01k forks

Which do we need to write here: the syslog server or the IP address of the Sophos FW device? #1210

Closed ceritmustafa closed 1 year ago

ceritmustafa commented 4 years ago

Which do we need to write here: the syslog server or the IP address of the Sophos FW device?

Which one should we write? IP or hostname? @preetikr

For example: `| where Computer in ("server1", "server2") and Facility == "local0"`

Originally posted by @ceritmustafa in https://github.com/Azure/Azure-Sentinel/issues/1008#issuecomment-715312058

github-actions[bot] commented 3 years ago

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

v-rbajaj commented 1 year ago

@ceritmustafa Generally, it is the hostname. Check in Log Analytics what type of value is being generated in the Computer attribute. As per my knowledge, in the case of Sophos XG we receive the IP address, so it is recommended to use the server IP.
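As an added illustration of the check suggested above (not code from the thread or from the Azure-Sentinel repo), these two KQL queries first inspect what the `Computer` column holds for the `local0` facility and then filter on it. The device name `sophos-xg-01` and address `10.0.0.1` are constructed placeholders; `HostIP` is the standard `Syslog` table column carrying the sender's IP.

```kql
// Query 1: see whether Computer holds a hostname or an IP for the Sophos feed
// before hard-coding a filter. Run this on its own.
Syslog
| where TimeGenerated > ago(1d)
| where Facility == "local0"
| summarize Events = count(), FirstSeen = min(TimeGenerated) by Computer, HostIP
| order by Events desc

// Query 2: filter on whichever form query 1 showed. Listing both the hostname
// and the IP avoids silently dropping events if the reported form changes.
// "sophos-xg-01" and "10.0.0.1" are constructed placeholder values.
let SophosDevices = dynamic(["sophos-xg-01", "10.0.0.1"]);
Syslog
| where Facility == "local0"
| where Computer in~ (SophosDevices) or HostIP in (SophosDevices)
```

Run the two queries separately in Log Analytics; the first is a one-off check and the second is the filter you would keep in a rule.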

v-amolpatil commented 1 year ago

Since we have not received a response in the last 5 days, we are closing your issue #1210 as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation.
