🔍 Common Event Format (CEF) via AMA
🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Connector ID | CefAma |
| Publisher | Microsoft |
| Used in Solutions | Common Event Format |
| Collection Method | AMA |
| Connector Definition Files | CEF%20AMA.JSON |
Common Event Format (CEF) is an industry standard format on top of Syslog messages, used by many security vendors to allow event interoperability among different platforms. By connecting your CEF logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log. For more information, see the Microsoft Sentinel documentation.
Additional Information
📖 Related Documentation: CEF and CommonSecurityLog field mapping - Maps CEF field names to CommonSecurityLog column names
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
CommonSecurityLog |
✓ | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions: - Workspace data sources (Workspace): read and write permissions.
Custom Permissions:
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Enable data collection rule
CEF Events logs are collected only from Linux agents. - Configure CefAma data connector
- Create data collection rule
2. Run the following command to install and apply the CEF collector:
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊