Forum Discussion
Cyber_SIEM (Copper Contributor)
Dec 04, 2022
Should I use a collector if I have lots of computers? Best practice
Assuming that I run a SOC center (MSSP) and I want to collect logs from many computers, should I onboard them on Azure and connect them directly to Sentinel, or is it better to use a collector?
* I know that I need a collector in case I have a firewall, etc., but I'm talking about computers (laptops, desktops) *
2 Replies
- Clive_Watson (Bronze Contributor): This could be an "it depends" answer. If they are computers that are 'not' Internet connected, you will have to use a Gateway (Log Analytics Gateway) or some Log Forwarder anyway. If they are Internet connected (maybe managed by Defender for Cloud), you can go direct to each (unless there is a reason not to). You probably need a plan, design and test for both.
- Cyber_SIEM (Copper Contributor): Well, yeah, all of these devices are connected to the internet, but I was wondering if the collector adds any extra value in any way.