Forum Discussion
Ciyaresh
Apr 25, 2022 Brass Contributor
Ingest logs from specific event channels using the AMA
Hello everyone! We have recently implemented the https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-monitor feature. Now we are trying to ge...
mjomha
Jun 08, 2022 Copper Contributor
You'll probably want to create a Data Collection Rule, or if you have an existing one you're using to filter events on your machines, that is using the Custom option under the "Collect" option in the Data Collection Rule.
You would simply add these 2 queries to the DCR to bring in all logs for those.
Format for the query: LogName!XPathQuery
For the above you'd add these 2 queries in the DCR:
Microsoft-AzureADPasswordProtection-DCAgent/Admin!*
Microsoft-AzureADPasswordProtection-DCAgent/Operational!*
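Before adding the entries to the DCR, they can be checked locally on a machine where these channels exist. The script below is an added example, not part of the original reply; the helper name `Test-DcrEntry` is hypothetical. It splits each `LogName!XPathQuery` entry and runs the XPath part through `Get-WinEvent -FilterXPath`.

```powershell
# Added example: validate DCR custom entries (LogName!XPathQuery) locally.
$dcrEntries = @(
    'Microsoft-AzureADPasswordProtection-DCAgent/Admin!*',
    'Microsoft-AzureADPasswordProtection-DCAgent/Operational!*'
)

function Test-DcrEntry {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Entry)

    # Split on the first "!" only; the XPath part may itself contain "!" (e.g. "!=").
    $logName, $xpath = $Entry -split '!', 2
    $result = [ordered]@{ Entry = $Entry; Status = $null; Detail = $null }

    if ([string]::IsNullOrWhiteSpace($logName) -or [string]::IsNullOrWhiteSpace($xpath)) {
        $result.Status = 'BadFormat'
        $result.Detail = 'Expected LogName!XPathQuery'
        return [pscustomobject]$result
    }

    try {
        # -MaxEvents 1 keeps the check cheap; we only need to know the query parses and matches.
        $sample = Get-WinEvent -LogName $logName -FilterXPath $xpath -MaxEvents 1 -ErrorAction Stop
        $result.Status = 'Valid'
        $result.Detail = "Newest match: event ID $($sample.Id) at $($sample.TimeCreated)"
    }
    catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            # The channel exists and the query parsed, but nothing matches yet.
            $result.Status = 'ValidNoEvents'
            $result.Detail = 'Query accepted; no matching events in the log'
        }
        else {
            # Typically a missing channel or an XPath expression the event log rejects.
            $result.Status = 'Error'
            $result.Detail = $_.Exception.Message
        }
    }
    return [pscustomobject]$result
}

$dcrEntries | ForEach-Object { Test-DcrEntry -Entry $_ } | Format-Table -AutoSize -Wrap
```

An `Error` status for a channel name usually means the script was run on a machine where that event channel is not registered.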