Forum Discussion
DCR xPath - Nomenclature modification?
Hello, I have a question regarding the custom (xPath) configuration when creating a DCR for Windows Security Events via AMA Below is the xPath I was using until now to exclude the following EventID...
Hello,
I had same problem, during conversation with Microsoft, we found workarround and it work for me, i follow this process https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Powershell%20scripts/Create%20AMA%20DCR%20for%20Security%20Events%20collection.
When i have lunch the script with my custom PathQuery, from sentinel i found my XPathQuery and link of DCR precedent created
I hope this link helps you