Forum Discussion
FahadAhmed
Jul 28, 2023 | Brass Contributor
Best practice to deal with Excessive Logoff and Logon events
Hi, currently we are facing a situation where there are excessive Logon and Logoff events in Microsoft Sentinel in the SecurityEvent table, causing high monthly costs. Can you please let me know...
FahadAhmed
Aug 04, 2023 | Brass Contributor
Logon and logoff messages are in the SecurityEvent table no ingested through MMA agent
raphaelcustodiosoares
Aug 04, 2023 | Iron Contributor
Standard DCRs, currently supported only for AMA-based connectors and workflows using the new Logs ingestion API.
https://learn.microsoft.com/en-us/azure/sentinel/data-transformation
The Logs Ingestion API can send data to the following Azure tables. Other tables may be added to this list as support for them is implemented.
- CommonSecurityLog
- SecurityEvents
- Syslog
- WindowsEvents
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-ingestion-api-overview
Use SecurityEvents table.