Forum Discussion
Ciyaresh
Jun 21, 2021 (Brass Contributor)
Excluding specific events from log analytics agent (Windows)
Hello everyone, We are in phase of creating a PoC to possibly replace our SIEM. So far I believe we have done a good job presenting capabilities of Sentinel. However, there is one main issue for ...
Rod_Trent
Microsoft
Jun 21, 2021
To filter at the client, you'll need to use the new AMA client.
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent
For on-prem installations, the system must have Azure Arc installed and enabled.
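As an added example (not code from this thread, from Microsoft, or from the linked docs), the PowerShell below builds the kind of exclusion XPath a data collection rule needs, checks it locally against the Security log before it is deployed, and emits the DCR fragment. The excluded event IDs, the data source and destination names, and the workspace resource id are assumptions and placeholders.

```powershell
# Added example, not from the thread. Assumptions: the Security channel is
# collected through the "Microsoft-SecurityEvent" stream, and 4688 (process
# creation) / 5156 (filtering-platform connection) are the noisy IDs to drop.
# Replace the IDs with the ones that are noise in your own environment.

# 1. Build the channel-qualified XPath the DCR expects. Windows event log
#    XPath has no "exclude" keyword, so the exclusion is an AND of != terms.
$excludedIds = 4688, 5156
$predicate   = ($excludedIds | ForEach-Object { "(EventID!=$_)" }) -join ' and '
$dcrXPath    = "Security!*[System[$predicate]]"

# 2. Validate the filter locally before it goes into a DCR (run elevated;
#    the Security log needs admin rights). Get-WinEvent takes the same XPath
#    without the "Security!" channel prefix, so a malformed expression fails
#    here instead of silently dropping everything once deployed.
$localXPath = $dcrXPath -replace '^Security!', ''
$sample = Get-WinEvent -LogName Security -FilterXPath $localXPath -MaxEvents 200
if ($sample | Where-Object { $excludedIds -contains $_.Id }) {
    throw "XPath still returns excluded IDs - check the predicate"
}
"{0} sample events passed the filter, none with IDs {1}" -f @($sample).Count, ($excludedIds -join ',')

# 3. Emit the windowsEventLogs data source and data flow fragments of a
#    Microsoft.Insights/dataCollectionRules resource. <workspace-resource-id>
#    is a placeholder for the Log Analytics workspace behind Sentinel.
$dcrProperties = [ordered]@{
    dataSources = @{
        windowsEventLogs = @(
            @{
                name         = 'securityMinusNoise'
                streams      = @('Microsoft-SecurityEvent')
                xPathQueries = @($dcrXPath)
            }
        )
    }
    destinations = @{
        logAnalytics = @(
            @{ name = 'sentinelWorkspace'; workspaceResourceId = '<workspace-resource-id>' }
        )
    }
    dataFlows = @(
        @{ streams = @('Microsoft-SecurityEvent'); destinations = @('sentinelWorkspace') }
    )
}
$dcrProperties | ConvertTo-Json -Depth 6
```

The same rule applies to on-premises machines once they are connected through Azure Arc, which is what makes them a valid DCR target.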
Ciyaresh
Jun 22, 2021 (Brass Contributor)
I believe this only applies to VMs on Azure. I was talking about the on-premise servers. I checked your link, but all I see is Azure Virtual Machines being mentioned.
- Rod_Trent, Jun 22, 2021
Microsoft
Yes, but if you read deeper, it talks about working for on-premises servers, but Azure Arc is required to be installed. I call it out a bit better at the bottom of my blog post: https://azurecloudai.blog/2021/06/14/how-to-limit-what-azure-sentinel-collects-from-windows-systems/