Integrating the F5 BIGIP with Azure Sentinel

So here’s the deal; I have a few F5 BIG-IP VEs deployed across the globe protecting my cloud-hosted applications. It sure would be nice if there was a way to send all that event and statistical data ...
Published Jun 12, 2019
Version 1.0
application delivery
ASM Advanced WAF
Azure
cloud
Randyj's avatar
Randyj
Icon for Nimbostratus rankNimbostratus
Sep 26, 2019

It appears that Sentinel has deprecated the use of 'Dashboards, in favor of 'Workbooks'. I note there is a 'F5 BIG-IP ASM' workbook available, however, it appears that one of the 'Required data types' (F5Telemetry_LTM_CL) is not included in the logging we've setup by following this article .

 

Data types shown in my 'Custom Logs' node in my Log Analytics workspace are:

  •  
  • F5Telemetry_ASM_CL
    •  
  • F5Telemetry_clientSslProfiles_CL
    •  
  • F5Telemetry_deviceGroups_CL
    •  
  • F5Telemetry_httpProfiles_CL
    •  
  • F5Telemetry_iRules_CL
    •  
  • F5Telemetry_ltmPolicies_CL
    •  
  • F5Telemetry_networkTunnels_CL
    •  
  • F5Telemetry_pools_CL
    •  
  • F5Telemetry_serverSslProfiles_CL
    •  
  • F5Telemetry_sslCerts_CL
    •  
  • F5Telemetry_system_CL
    •  
  • F5Telemetry_telemetryEventCategory_CL
    •  
  • F5Telemetry_telemetryServiceInfo_CL
    •  
  • F5Telemetry_virtualServers_CL

Any thoughts on how further configure, or troubleshoot ?