Forum Discussion
msraj
Jul 19, 2021 (Copper Contributor)
Windows Data Collector (instead of Linux) for Firewall Logs
Hi, I am planning an implementation of Azure Sentinel. As part of it, I need to design a solution to forward firewall (Palo Alto) logs into Sentinel. But the organization uses only Windows OS f...
msraj
Jul 20, 2021 (Copper Contributor)
Thanks, @Clive. Do you have any reference documentation that I could use to configure firewall logs to Windows Event Logs?
CliveWatson
Jul 20, 2021 (Former Employee)
This will depend on how the product you use writes its logs. If they go to the Event Viewer on Windows, then you can look at https://docs.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events ; however, these will probably be classed as Security Events, so you need to use ASC (see link) or you can use Azure Sentinel: https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-security-events?tabs=LAA