Forum Discussion
Adding On-Prem Domain Controller Event Logs
We've added several sources (ASA, syslog, multiple Azure sources) .. what is the best way to get our on-prem domain controllers to feed into Sentinel?
A good way would be to use Azure ATP and connect Sentinel to that solution.
Additionally, you could install the on-prem Log Analytics agent:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-windows-computer