Event details

During Microsoft Secure you learned about the latest innovations around Microsoft's SIEM and XDR solution. Join this Ask Microsoft Anything (AMA) session to get your questions about Microsoft Sentine...
Trevor_Rusher
Updated Dec 27, 2024
siem
Tech Accelerator
xdr
Sreedhar_Ande's avatar
Sreedhar_Ande
Icon for Microsoft rankMicrosoft
Apr 13, 2023
To collect "Microsoft-Windows-Sysmon/Operational!*" to Logmanagement Events table, you can create a data collection rule (DCR) and associate it with the virtual machine.
Sean Kuchle's avatar
Sean Kuchle
Brass Contributor
Apr 13, 2023
Thank you
  • Sean Kuchle's avatar
    Sean Kuchle
    Brass Contributor
    Apr 13, 2023
    Just to note, I was originally creating the collection rule in Sentinel Data Connectors page but this does not give you any setting on where to send it. When I created a new DCR in Azure this allowed me to choose the right table, Azure Monitor Logs.