Creating additional/custom fields in "CommonSecurityLog" currently stored as e.g. "DeviceCustomString1"
Hi,
How can we create additional fields for logs being processed in "CommonSecurityLog" (https://video2.skills-academy.com/en-us/azure/azure-monitor/reference/tables/commonsecuritylog)? At the moment, incoming data gets mapped to fields like "DeviceCustomString1" or "DeviceCustomString1Label" using CEF. Is it possible to create additional/custom fields in "CommonSecurityLog"?
We are trying to connect Palo Alto Networks firewalling infrastructure to Azure Log Analytics / Sentinel, exactly following the guide in Sentinel, but we see a lot of incoming data being mapped to fields like "DeviceCustomString1" which don't have a characteristic name (e.g. "Session ID" -> "DeviceCustomString1", "Rule Name" -> "DeviceCustomString2"). The real field names get stored in the label fields like "DeviceCustomString2Label".
Many thanks, we really appreciate your help with that!
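
An added example, not part of the original post: the value/label pairing described above can be resolved when rows are read back (for instance from a query export), so that "DeviceCustomString1" appears under the name held in "DeviceCustomString1Label". The function name `name_custom_fields` and the sample row are constructed for illustration; the code generalizes to any column that has a `...Label` companion and does not create columns in the table itself.

```python
import re

LABEL_SUFFIX = "Label"


def name_custom_fields(row):
    """Fold each <Column>/<Column>Label pair of one row into a field named
    after the label text; all other columns pass through unchanged."""
    pairs = [(k[:-len(LABEL_SUFFIX)], k) for k in row
             if k.endswith(LABEL_SUFFIX) and k[:-len(LABEL_SUFFIX)] in row]
    consumed = {col for pair in pairs for col in pair}
    out = {k: v for k, v in row.items() if k not in consumed}
    for value_col, label_col in pairs:
        value = row[value_col]
        if value in (None, ""):
            continue  # unused slot: nothing to name
        label = (row[label_col] or "").strip()
        # Turn the label into an identifier; fall back to the generic
        # column name when the device sent a value without a label.
        name = re.sub(r"\W+", "_", label).strip("_") or value_col
        if name in out:  # label clashes with a field that already exists
            name = f"{name}_{value_col}"
        out[name] = value
    return out


# Constructed sample row using the mapping quoted in the post.
SAMPLE_ROW = {
    "DeviceVendor": "Palo Alto Networks",
    "DeviceCustomString1": "48213",
    "DeviceCustomString1Label": "Session ID",
    "DeviceCustomString2": "allow-outbound-web",
    "DeviceCustomString2Label": "Rule Name",
    "DeviceCustomString3": "",
    "DeviceCustomString3Label": "",
    "DeviceCustomString4": "untrust",
    "DeviceCustomString4Label": "",
}

if __name__ == "__main__":
    for field, value in name_custom_fields(SAMPLE_ROW).items():
        print(f"{field}: {value}")
```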