Add a collector

Procedure

1. Go to Agentic SIEM & XDR → Data Source and Log Management → Third-party log repositories.
2. Create a new log repository or select an existing log repository.
3. On the Log repository panel, go to the Collectors tab and click Add collector.
   The Add collector screen appears.
4. Select the vendor, product, log format, and log timezone of the log source.

   Important Ingestion of log data from Third-Party Integrations may require additional configuration steps. Ingestion of log data from Microsoft Defender for Endpoint requires you to Enable Microsoft Defender for Endpoint Log Collection in the Features and Permissions for your Azure subscriptions in Cloud Accounts. After deploying the terraform script to your Azure subscription, the collector is automatically created.

5. Specify the collector name and description.
6. Select and configure API ingestion or Service Gateway ingestion as the log ingestion method.
7. Click Add.
   The collector is added to the log repository.
8. If desired, click Manage log filters in the collector details and configure log filters to enhance performance and data quality by preventing logs containing specified keywords from being collected.