Forum Discussion

Iron Contributor

Jun 01, 2019

Solved

WEF forwarding to Azure Security Centre / Log Analytics

Hello - I am hoping this is possible and a viable option. I currently use Windows Event Forwarding (WEF) with Winlogbeat sending events off to Elasticsearch. Epic, this works great, why would i...

Log Analytics

microsoft sentinel

security

Ofer_Shezaf
Jun 16, 2019
AndrewX

WEF support is currently in preview and still has some limitations. Contact me directly if you would like to join, and we can discuss whether the current support would work for you.

As an alternative, you can continue to use CEF and winlogbeat and connect it to Sentinel using Logstash and the Logstash Log Analytics output plugin.

~ Ofer

AdamPRD

Copper Contributor

Dec 18, 2020

Hi Ofer_Shezaf what is a current status of it?

Ofer_Shezaf

Microsoft

Dec 20, 2020

AdamPRD : We have decided to move a head with the Azure Monitor Agent (AMA) version, and the current Log Analytics Agent (MMA) version will not become public.

AndrewX
Iron Contributor
Jun 01, 2021
Hi,

Twas Jun 01 2019, when i first asked the question, how are we going MS with the WEF support for AMA?
Ofer_Shezaf
Microsoft
Feb 01, 2021
I am not sure about the compete plans for the AMA. I focus on the Security use cases. Specifically for WEF, yet, as stated above, it would be supported by the AMA.
NW-SSP
Copper Contributor
Feb 01, 2021
Ofer_Shezaf the AMA is supposed to replace your 3 current agents, right? Reading security events is also a functionality of the new product. Can we expect the desired functionality: Forwarding events to LAW/Sentinel that are stored under 'ForwardedEvents' with the AMA?