Forum Discussion
Solved
Sysmon log collection via Azure monitor agent (AMA)
Hi Team I have a quick question regarding Azure monitoring agent. I want to capture Sysmon logs from a Azure machine which has AMA extension installed and data collection rule set to all events....
- Updated blog post on this topic: https://jeffreyappel.nl/deploy-sysmon-and-collect-data-with-sentinel-and-the-ama-agent/
A workaround to get the logs is to add - "Windows event log" configuration under the "Legacy agents managment" section of LA workspace. Check the screenshot below :
I am sure there are better ways via DCR to do this. 🙂
Updated blog post on this topic: https://jeffreyappel.nl/deploy-sysmon-and-collect-data-with-sentinel-and-the-ama-agent/
- Great thanks for sharing 🙂