Forum Discussion
Mike82
Aug 11, 2021 (Copper Contributor)
Sysmon log collection via Azure monitor agent (AMA)
Hi Team, I have a quick question regarding the Azure Monitoring Agent. I want to capture Sysmon logs from an Azure machine which has the AMA extension installed and a data collection rule set to all events....
KenzProfile
Aug 17, 2022 (Microsoft)
Same question. Next year. It looks like you would have to configure some type of data collection rule (DCR) using XPath. Or some other coding. Has anybody done this? And yes, it appears far more complex with the AMA. Thanks, and I hope I am wrong.
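The DCR-with-XPath route mentioned in the post above, written out as an added example; this is not code from the thread or from the linked blog post. It is PowerShell using the Azure CLI (`az monitor data-collection rule ...`, which lives in the `monitor-control-service` CLI extension) and assumes placeholder subscription, resource group, region, workspace and VM names that you replace with your own. The only Sysmon-specific parts are the channel name `Microsoft-Windows-Sysmon/Operational` and the `Microsoft-Event` stream, which delivers the events to the workspace's `Event` table.

```powershell
# Added example: collect Sysmon events through AMA with a data collection rule (DCR).
# Placeholder values (assumptions, replace with your own):
$sub = "00000000-0000-0000-0000-000000000000"
$rg  = "rg-sentinel"
$loc = "westeurope"
$ws  = "law-sentinel"
$vm  = "vm-web01"
$dcr = "dcr-sysmon"

# 1. Test the XPath locally on the source machine first. AMA uses the same
#    event-log XPath dialect as Get-WinEvent/wevtutil, so a query that returns
#    events here is syntactically valid for the DCR.
$sysmonChannel = "Microsoft-Windows-Sysmon/Operational"
$xpathAll      = "*"                                                  # every Sysmon event
$xpathScoped   = "*[System[(EventID=1 or EventID=3 or EventID=11)]]"  # process create, network connect, file create
Get-WinEvent -LogName $sysmonChannel -FilterXPath $xpathScoped -MaxEvents 5 |
    Select-Object TimeCreated, Id, ProviderName | Format-Table -AutoSize

# 2. DCR definition. Each xPathQueries entry is "<channel>!<xpath>".
#    The Microsoft-Event stream writes to the Event table (not SecurityEvent).
#    Swap $xpathAll for $xpathScoped to ingest only the event IDs you detect on.
$dcrJson = @"
{
  "location": "$loc",
  "properties": {
    "dataSources": {
      "windowsEventLogs": [
        {
          "name": "sysmon",
          "streams": [ "Microsoft-Event" ],
          "xPathQueries": [ "$sysmonChannel!$xpathAll" ]
        }
      ]
    },
    "destinations": {
      "logAnalytics": [
        {
          "name": "law",
          "workspaceResourceId": "/subscriptions/$sub/resourceGroups/$rg/providers/Microsoft.OperationalInsights/workspaces/$ws"
        }
      ]
    },
    "dataFlows": [
      { "streams": [ "Microsoft-Event" ], "destinations": [ "law" ] }
    ]
  }
}
"@
$dcrFile = Join-Path $env:TEMP "dcr-sysmon.json"
Set-Content -Path $dcrFile -Value $dcrJson -Encoding utf8

# 3. Create the DCR and associate it with the VM that runs the AMA extension.
az monitor data-collection rule create --resource-group $rg --name $dcr --location $loc --rule-file $dcrFile
$dcrId = "/subscriptions/$sub/resourceGroups/$rg/providers/Microsoft.Insights/dataCollectionRules/$dcr"
$vmId  = "/subscriptions/$sub/resourceGroups/$rg/providers/Microsoft.Compute/virtualMachines/$vm"
az monitor data-collection rule association create --name "$dcr-$vm" --rule-id $dcrId --resource $vmId

# 4. Verify ingestion with KQL. Sysmon rows land in Event with the channel name
#    in the EventLog column; the Sysmon payload is in EventData/RenderedDescription.
$kql = @"
Event
| where TimeGenerated > ago(1h)
| where EventLog == "$sysmonChannel"
| summarize count() by EventID, Computer
"@
$wsCustomerId = az monitor log-analytics workspace show --resource-group $rg --workspace-name $ws --query customerId -o tsv
az monitor log-analytics query --workspace $wsCustomerId --analytics-query $kql
```

Two practical notes. `!*` ingests every event Sysmon writes, so the Sysmon configuration on the host is the only filter; narrowing the XPath to the event IDs your detections use keeps ingestion cost down without touching the Sysmon config. And the "Legacy agents management" settings in the workspace configure the Log Analytics (MMA) agent; a machine that runs only AMA receives its collection configuration from DCRs like this one, which is why a DCR is needed at all.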
- Mike82, Sep 30, 2022 (Copper Contributor)
A workaround to get the logs is to add a "Windows event log" configuration under the "Legacy agents management" section of the LA workspace. Check the screenshot below:
I am sure there are better ways via DCR to do this. 🙂
- Clive_Watson, Oct 12, 2022 (Bronze Contributor): Updated blog post on this topic: https://jeffreyappel.nl/deploy-sysmon-and-collect-data-with-sentinel-and-the-ama-agent/
- Mike82, Oct 13, 2022 (Copper Contributor): Great, thanks for sharing 🙂