Azure - Windows Security Events


Hi, 

I am looking at options to monitor Azure VM OS security events and it seems that I have two options:

Azure Sentinel via a connector - see link: https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-security-events?tabs=LAA

Azure VM Diagnostics, which are ingested into a Storage Account 

 

Both of these options would allow the collection of the Security Events (audit success / failure).

I am aware that in the past I could have done this via Azure Defender as well under the data collection settings.  

I just want to ensure I have understood this correctly.

0 Replies