Forum Discussion
AndrewX
Jun 01, 2019
Iron Contributor
WEF forwarding to Azure Security Centre / Log Analytics
Hello - I am hoping this is possible and a viable option.
I currently use Windows Event Forwarding (WEF) with Winlogbeat sending events off to Elasticsearch. Epic, this works great, why would I...
- Jun 16, 2019
WEF support is currently in preview and still has some limitations. Contact me directly if you would like to join, and we can discuss whether the current support would work for you.
As an alternative, you can continue to use CEF and winlogbeat and connect it to Sentinel using Logstash and the Logstash Log Analytics output plugin.
~ Ofer
NW-SSP
Feb 01, 2021
Copper Contributor
Ofer_Shezaf the AMA is supposed to replace your 3 current agents, right? Reading security events is also a functionality of the new product. Can we expect the desired functionality: Forwarding events to LAW/Sentinel that are stored under 'ForwardedEvents' with the AMA?
Ofer_Shezaf
Microsoft
Feb 01, 2021
I am not sure about the complete plans for the AMA. I focus on the Security use cases. Specifically for WEF, yes, as stated above, it would be supported by the AMA.
- AndrewX
Jun 01, 2021
Iron Contributor
Hi,
'Twas Jun 01 2019 when I first asked the question. How are we going, MS, with the WEF support for AMA?