Forum Discussion
Security Event connector - Azure Sentinel
- Oct 22, 2021
RaghavJain There's 2 connectors...
It sounds like the Legacy Agent is the one that you have connected. To provide filtering and to minimize the data that is sent, you have a couple options.
1. Use the Windows Security Events via AMA connector. This requires a different agent and also requires the ARC agent installed. But, once implemented you can be very specific about what you collect. That said, this is still something you don't want to deploy across all Windows devices - only servers, possibly.
2. There's also a new option, the On-Prem Security Monitoring for Sentinel (http://aka.ms/SentinelHybrid). This requires an active SCOM installation on-premises.
- RaghavJain, Oct 26, 2021, Copper Contributor
Thank you for the detailed information. My main goal is to get those events for Azure AD joined Windows 10 laptops. This configuration has worked well for Azure VMs. Is my only option to get those logs from these Azure AD Windows 10 devices using Azure Arc with AMA?