18 October 2025

Mapping 3rd Party Syslog Logs to Azure Sentinel UEBA

Hi everyone,

Pretty new to Sentinel and UEBA.
I have ingested 3rd party logs into Sentinel via the syslog connector. One field contains AD-related context that I want to map to UEBA use cases.

Questions:

  • How do I map these custom logs to UEBA entities?
  • Any documentation or samples for mapping syslog data to UEBA?
  • Do I need to normalize the AD field to a specific schema first?

Seeking any guidance.

submitted by /u/Substantial-Ad-1398