Forum Discussion
SalmanKhan
Oct 03, 2020, Copper Contributor
Windows Firewall logs are enabled, but they do not show up in Sentinel
Hello, we have the MMA agent installed on 26 Windows servers, but we are not getting into Sentinel. I cannot see any table named "WindowsFirewall" either. Do the tables appear when data starts pour...
CliveWatson
Oct 05, 2020, Former Employee
Logs configured as you have done go into the Events Table:
Event
| summarize count() by EventLog
Have you looked here? This is how we ask you to configure this in Sentinel: https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-firewall
SalmanKhan
Oct 05, 2020, Copper Contributor
CliveWatson Thanks a lot.
I have now removed the collection via event logs and have now configured the Data Connector for Windows Defender Firewall with Advanced Security. Should it take some time before I see logs coming in?
Would it also help in getting the map "Potential malicious events" to get live?
Thanks for your help Clive 🙂 Much appreciated.
- CliveWatson, Oct 05, 2020, Former Employee
That map shows up when you have data in at least one of these Tables:
W3CIISLog
DnsEvents
WireData
WindowsFirewall
VMConnection
CommonSecurityLog
to check:
union isfuzzy=true W3CIISLog, DnsEvents, WireData, WindowsFirewall, VMConnection, CommonSecurityLog
| summarize count() by Type
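An added example, not part of the original thread: a per-server coverage check that lists which Windows agents are sending heartbeats but no WindowsFirewall records, so a gap on some of the 26 servers is visible. It assumes the agents report to the standard Heartbeat table; the one-day lookback and the empty `datatable` fallback (so the query still runs before the WindowsFirewall table exists) are choices made for this example.

```kusto
// Lookback window: an assumption, adjust to how long ago the connector was enabled.
let lookback = 1d;
// Firewall records per computer; the empty datatable keeps the query valid
// while the WindowsFirewall table has not been created yet.
let firewall = union isfuzzy=true
    (datatable(TimeGenerated: datetime, Computer: string) []),
    (WindowsFirewall
     | where TimeGenerated > ago(lookback)
     | project TimeGenerated, Computer)
  | summarize FirewallRecords = count(), LastFirewallRecord = max(TimeGenerated) by Computer;
// Every Windows agent that has checked in, joined to its firewall record count.
Heartbeat
| where TimeGenerated > ago(lookback)
| where OSType == "Windows"
| summarize LastHeartbeat = max(TimeGenerated) by Computer
| join kind=leftouter firewall on Computer
| project Computer, LastHeartbeat, FirewallRecords = coalesce(FirewallRecords, 0), LastFirewallRecord
| order by FirewallRecords asc, Computer asc
```

Servers with a recent LastHeartbeat and FirewallRecords of 0 are connected to the workspace but are not yet delivering firewall logs.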