[00:15] Agenda [01:15] Ingestion-time transformations overview [01:15] Ingestion-time transformations for standard tables [04:15] Sentinel's data flow before I-T T [06:12] Sentinel's data flow with I-T T [08:17] (What is a) Data Collection Rule (DCR) [10:56] Ingestion-Time Transformations Scenario's [11:10] I-T T Filtering: Scenario 1 [15:48] I-T T Filtering: Scenario 2 [18:13] Enrichtment/Tagging [21:29] Demo - adding the enrichtment transformation KQL [23:05] PII Masking/Obfuscation [27:33] Data Collection Rule based ingestion for custom logs [28:59] Demo Data Collection Rule based ingestion for custom logs [31:30] New Logstash Plugin (coming soon) [32:18] Demo scenario - aggregation with Logstash [36:26] Migration from Custom Logs v1 [38:34] Microsoft Sentinel Data Connectors - Ingestion Time Transformations Support [40:31] Ingestion Time Transformations Advantages [42:10] Resources & next steps [43:40] Q&A
