Why are you configuring the NAT rules using Source Ports? If you want to use those NAT rules, you can leave the source port as any, since you will filter the access on the ACL.
You can use the client from GitHub: https://github.com/CiscoSecurity/fp-05-firepower-cli/tree/master Once you install the client, you can create an outputter in JSON or CEF format that will point to your Filebeat. Filebeat is able to parse JSON or CEF f...
In DCR in Azure Sentinel, you also need to match both the Facility and log level. I think the facility is LOG_USER. You can use Sentinel to summarize all the events that have informational level and identify all Info logs. Use the below example: | summar...
You are not able to filter based on the severity logs on the estreamer config (like info, critical, etc.). You should do this on the Azure side when you configure the Agent and Data Collection Rule. https://learn.microsoft.com/en-us/azure/sentinel/connec...