Forum Discussion
How to forward evtx files to azure sentinel
GaryBushey can you provide any resource for doing the same, please? Very new to event hubs.
le0li9ht Not an Azure Event Hub but rather the Microsoft Monitor agent allows you to gather events from windows computers. By default, only the Security event log will be ingested (with the Security Events data connector enabled), but if you go into Settings => Workspace Settings => Agents configuration you can add other Windows event logs that you want to ingest, like Application, Setup, and System.
- le0li9ht, Jan 26, 2021, Copper Contributor
GaryBushey I want to clarify one thing here: I don't want my Windows system event logs to be sent out to Azure Sentinel. I want to send only those event log files which are from the GitHub repo, only those. Is that possible with the solution you provided me with?
- le0li9ht, Jan 27, 2021, Copper Contributor
Any update on this?
- Rogier Dijkman, May 07, 2021, Brass Contributor
le0li9ht
There is a good article by Elli Shlomo on how to ingest evtx files into Log Analytics and Azure Sentinel.
Please let me know if this is of any help or if you have any other questions.
https://www.eshlomo.us/azure-sentinel-and-sysm0n-4-blue-teamers/
Maybe you are also interested in my Github project Sentinel-Playground for deploying an Azure Sentinel environment provisioned with logging data of different vendors like Cisco, Symantec, Aruba, etc.
https://github.com/securehats/sentinel-playground
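Added here as a worked example, not code from the thread, from the linked article or from the Sentinel-Playground project: a PowerShell script that reads .evtx files from disk (for instance sample files cloned from a GitHub repo) and posts their records to the Log Analytics workspace through the HTTP Data Collector API. Because it parses the files directly with Get-WinEvent -Path, nothing from the local machine's live event log channels is sent, which is the distinction the question above turns on. Assumed and not taken from the page: that you have the workspace ID and a workspace key, the custom table name EvtxSamples (which becomes EvtxSamples_CL) and the column names, and the 500-record batch size.

```powershell
<#
  Push events from .evtx files on disk into a Log Analytics workspace (and so into Sentinel)
  via the HTTP Data Collector API. Only the files you point it at are read; no live channel
  on this machine is touched. Table name, column names and batch size are my own choices.
#>
param(
    [Parameter(Mandatory)][string]$WorkspaceId,   # Log Analytics workspace (customer) ID
    [Parameter(Mandatory)][string]$SharedKey,     # workspace primary or secondary key (base64)
    [Parameter(Mandatory)][string[]]$Path,        # .evtx files and/or folders containing them
    [string]$LogType  = 'EvtxSamples',            # shows up in Sentinel as EvtxSamples_CL
    [int]$BatchSize   = 500                       # records per POST (API limit is 30 MB per call)
)

# Flatten one EventLogRecord into a hashtable the JSON serializer can handle.
# EventData values are pulled from the record XML so they survive even when the
# provider's message resources are not installed here (Message is then empty).
function ConvertTo-FlatEvent {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Record, [string]$SourceFile)
    $xml = [xml]$Record.ToXml()
    $ts  = if ($Record.TimeCreated) { $Record.TimeCreated.ToUniversalTime().ToString('o') }
           else                     { [DateTime]::UtcNow.ToString('o') }
    $evt = [ordered]@{
        TimeGenerated = $ts                   # consumed by the time-generated-field header
        EventTimeUtc  = $ts                   # kept as an ordinary column as well
        EventID       = $Record.Id
        Provider      = $Record.ProviderName
        Channel       = $Record.LogName
        Computer      = $Record.MachineName
        Level         = $Record.LevelDisplayName
        RecordId      = $Record.RecordId
        Message       = $Record.FormatDescription()
        SourceFile    = $SourceFile
    }
    foreach ($d in @($xml.Event.EventData.Data)) {
        if ($d -and $d.Name) { $evt["EventData_$($d.Name)"] = [string]$d.'#text' }
    }
    return $evt
}

# Sign and send one batch. The Authorization header is the documented SharedKey scheme:
# HMAC-SHA256 over "POST\n<content-length>\napplication/json\nx-ms-date:<date>\n/api/logs".
function Send-LogAnalyticsBatch {
    param([string]$WorkspaceId, [string]$SharedKey, [string]$LogType, [object[]]$Records)
    $body    = [Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject $Records -Depth 3 -Compress))
    $date    = [DateTime]::UtcNow.ToString('r')    # RFC 1123
    $toSign  = "POST`n$($body.Length)`napplication/json`nx-ms-date:$date`n/api/logs"
    $hmac    = [System.Security.Cryptography.HMACSHA256]::new([Convert]::FromBase64String($SharedKey))
    $sig     = [Convert]::ToBase64String($hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($toSign)))
    $headers = @{
        'Authorization'        = "SharedKey ${WorkspaceId}:$sig"
        'Log-Type'             = $LogType
        'x-ms-date'            = $date
        'time-generated-field' = 'TimeGenerated'
    }
    $uri = "https://$WorkspaceId.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    # Sending the exact byte array keeps Content-Length identical to what was signed.
    Invoke-RestMethod -Uri $uri -Method Post -ContentType 'application/json' -Headers $headers -Body $body
}

$sent = 0
foreach ($f in Get-ChildItem -Path $Path -Recurse -File -Filter *.evtx) {
    $batch = New-Object System.Collections.Generic.List[object]
    # -Path reads the file itself; -Oldest returns records in the order they were written.
    Get-WinEvent -Path $f.FullName -Oldest -ErrorAction SilentlyContinue | ForEach-Object {
        $batch.Add((ConvertTo-FlatEvent -Record $_ -SourceFile $f.Name))
        if ($batch.Count -ge $BatchSize) {
            Send-LogAnalyticsBatch -WorkspaceId $WorkspaceId -SharedKey $SharedKey -LogType $LogType -Records $batch.ToArray()
            $sent += $batch.Count
            $batch.Clear()
        }
    }
    if ($batch.Count -gt 0) {
        Send-LogAnalyticsBatch -WorkspaceId $WorkspaceId -SharedKey $SharedKey -LogType $LogType -Records $batch.ToArray()
        $sent += $batch.Count
    }
    Write-Host "$($f.Name): uploaded"
}
Write-Host "Sent $sent events to ${LogType}_CL"
```

Run it as `.\Send-Evtx.ps1 -WorkspaceId <id> -SharedKey <key> -Path .\samples` on a Windows box (Get-WinEvent needs the Windows event log API), then in Sentinel query something like `EvtxSamples_CL | summarize count() by EventID_d, Provider_s`; Log Analytics suffixes custom columns by type, so numbers end in `_d` and strings in `_s`. Two caveats worth knowing: the workspace key is a credential that grants write access to the workspace, so keep it out of scripts checked into a repo, and the Data Collector API is Microsoft's legacy ingestion path, with the Logs Ingestion API as its successor, so new pipelines should be built on the latter even though this one still works for a one-off load of sample files.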