Sean Kuchle
Apr 13, 2023, Brass Contributor
I've got new servers with Server 2022. I've got Azure Arc set up and they are receiving all security logs (Windows Security Events via AMA). I would also like to send the Sysmon logs to Sentinel. I've done this in the past using the legacy agent and it seems like the logs end up in the LogManagement Events table. For the new servers I added a rule to the Windows Security Events via AMA connector to collect "Microsoft-Windows-Sysmon/Operational!*". This seems to pull in the events, but they are going to the Sentinel SecurityEvent table. This is throwing off all the parsers as they are looking in the Events table. I've tried changing the resource group on the rule to Sentinel and "LogAnalyticsDefaultResources" but it does not seem to make a difference. (Does this matter for anything?) My question is: am I setting up the Sysmon collection correctly? And if I am, how do I get the logs to the Events table so the parsers work correctly?
- Sreedhar_Ande, Apr 13, 2023, Microsoft
To collect "Microsoft-Windows-Sysmon/Operational!*" into the LogManagement Events table, you can create a data collection rule (DCR) and associate it with the virtual machine.
- Sean Kuchle, Apr 13, 2023, Brass Contributor
Thank you
- Sean Kuchle, Apr 13, 2023, Brass Contributor
Just to note, I was originally creating the collection rule in the Sentinel Data Connectors page, but this does not give you any setting on where to send it. When I created a new DCR in Azure, this allowed me to choose the right table, Azure Monitor Logs.
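What the DCR that Sreedhar_Ande suggests and Sean Kuchle ended up creating looks like as infrastructure code, as an added example that is not from either poster: a Microsoft.Insights/dataCollectionRules resource whose windowsEventLogs source emits the Microsoft-Event stream (which lands in the Event table), plus the association that attaches it to the Arc-enabled server. The Sentinel Windows Security Events via AMA connector builds its rules on the Microsoft-SecurityEvent stream instead, which is why the Sysmon events in the question arrived in SecurityEvent; the stream, not the resource group the rule lives in, decides the destination table. The rule name, workspace resource id and Arc server name are placeholders.

```bicep
// Added example, not the thread's own configuration. Placeholders: the rule name,
// the workspace resource id and the Arc server name are assumed values.
param location string = resourceGroup().location
param workspaceResourceId string   // /subscriptions/<SUB>/resourceGroups/<RG>/providers/Microsoft.OperationalInsights/workspaces/<WS>
param arcServerName string         // name of the Azure Arc-enabled Server 2022 machine

resource sysmonDcr 'Microsoft.Insights/dataCollectionRules@2022-06-01' = {
  name: 'dcr-sysmon-to-event'
  location: location
  kind: 'Windows'
  properties: {
    dataSources: {
      windowsEventLogs: [
        {
          name: 'sysmonOperational'
          // Microsoft-Event routes to the Event table (where the Sysmon parsers look).
          // Microsoft-SecurityEvent, used by the Security Events connector, routes to SecurityEvent.
          streams: [ 'Microsoft-Event' ]
          xPathQueries: [ 'Microsoft-Windows-Sysmon/Operational!*' ]
        }
      ]
    }
    destinations: {
      logAnalytics: [
        {
          name: 'sentinelWorkspace'
          workspaceResourceId: workspaceResourceId
        }
      ]
    }
    dataFlows: [
      {
        streams: [ 'Microsoft-Event' ]
        destinations: [ 'sentinelWorkspace' ]
      }
    ]
  }
}

// Associate the rule with the Arc server so the AMA on it picks the rule up.
resource arcServer 'Microsoft.HybridCompute/machines@2022-12-27' existing = {
  name: arcServerName
}

resource sysmonDcrAssociation 'Microsoft.Insights/dataCollectionRuleAssociations@2022-06-01' = {
  name: 'sysmon-dcr-association'
  scope: arcServer
  properties: {
    dataCollectionRuleId: sysmonDcr.id
  }
}
```

After deployment, a query such as `Event | where EventLog == "Microsoft-Windows-Sysmon/Operational"` in the workspace confirms the rows are reaching the Event table rather than SecurityEvent.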