Forum Discussion
SQL logs delivered by AMA not normalized
Hello everyone, We have recently started ingesting more logs to our Sentinel PoC environment and it seems like the Azure Monitor Agent does not normalize the SQL logs from a windows server? is th...
Have you looked at the SQL Parser? https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/SQLSever/SQLServer_Parser.txt If its not Audit Events you need you can use this as an example to build one