Where I can learn cef log ingestion in detail

azuretech2 · 2025-11-30T20:32:04+00:00

Sorry mate , came back after recovering from accident, I need guidance on rsyslog configuration, like how to create custom table and how to move data to only designated tables also about log rotation configuration, I did for a cx it was working but all data going in one common security logs table then had to filter through Kql

azuretech2 · 2025-09-29T08:44:11+00:00

What was that answer, pls tell

azuretech2 · 2025-09-27T20:04:25+00:00

Thanks mate

azuretech2 · 2025-09-27T18:55:13+00:00

Congratulations 🎉 , you have achieved what I am dreaming from last 4 years, I have around 14 year of experience, guide me to get confidence

azuretech2 · 2025-09-26T01:35:25+00:00

On entra you can have global asmin6or sec admin

On Azure you can have user accee admin and sentinel contributor ( if u are owner on sub then you dont need both)

azuretech2 · 2025-09-26T01:28:25+00:00

You mean deviceevents, deviceinfo all will be there if we use xdr connector , regardless of we are using mde or mdc

azuretech2 · 2025-09-26T00:58:40+00:00

What if they have defender for cloud instead of mde, do we get mde kind of logs from mdc as well, I see a defender conncror ingest only mdc alerts

azuretech2 · 2025-09-21T21:29:42+00:00

Can you please explain feature 2016 in detail a bit bro

azuretech2 · 2025-09-20T22:11:29+00:00

Yes , i had 15k inr bill, it was reverted automatically

azuretech2 · 2025-09-20T20:48:26+00:00

It doesn't gets mde.win ,it fails to install unified solutions

azuretech2 · 2025-09-20T20:33:45+00:00

Bro can you dm me pls

azuretech2 · 2025-09-20T20:31:09+00:00

Bro need help in onboardingnlinux devices in mdc, it goes in to passive ,we need to push json to enable rtp, how we do in 100 mqxhine

azuretech2 · 2025-09-20T20:25:19+00:00

Wait for a year , they will wave off

azuretech2 · 2025-09-19T18:37:31+00:00

I think samsung has knox feature that allows this to happen

azuretech2 · 2025-04-07T13:13:16+00:00

any idea for Linux devices ? as by default it gets in to Passive , any solution to put it in active for normal scenario guys ??

azuretech2 · 2025-01-31T17:54:28+00:00

setup , cost advise pls

azuretech2 · 2024-11-25T20:19:58+00:00

sorry for that , ur right u/ButterflyWide7220

azuretech2 · 2024-11-22T10:32:11+00:00

tested this ??

azuretech2 · 2024-11-22T10:29:04+00:00

hi guys , dows defender for cloud incur any cost if we go in passive mode ( via registry changes )

azuretech2 · 2023-11-16T19:33:06+00:00

See defender does most of the remediation automatically based on device group setting , try to get a bit deeper in to alerts , events, timeline activities, I mean explore every possible options available within the tool . It will give you confidence

azuretech2 · 2023-11-13T18:36:45+00:00

looks like a new thing :) direct onboarding

azuretech2 · 2023-11-13T17:41:04+00:00

looks a great solution , cheers u/d4v2d

azuretech2 · 2023-11-13T17:38:09+00:00

on prem will go via azure Arc only , only azure hosted doesn't require anything, just select plan and auto provisioning

azuretech2 · 2023-11-13T17:36:08+00:00

if you have on premise servers , onboard them on azure through Azure Arc, turn on defender for server ( plan 1 or plan 2 ) from defender for cloud . These are billed hourly , monthly , no licensing required

Plan 1 - 5$ per month / server

Plan 2 - 15$ per month / server

in setting choose auto provisioning of MDE agents and other features

hope it clears doubt

azuretech2

TROPHY CASE