How to forward evtx files to azure sentinel


Hi

I want to send evtx sample files to an Azure Sentinel Log Analytics workspace. Can Azure Sentinel support Winlogbeat? If not, what's the easy solution to perform this?

GitHub - sbousseaden/EVTX-ATTACK-SAMPLES: Windows Events Attack Samples

These are the logs I want to send.


@le0li9ht Aren't these Windows Event logs? Can't you import them using the Microsoft Monitoring agent directly from the Event Hub?

@Gary Bushey Can you provide any resource for doing the same, please? Very new to Event Hubs.

@le0li9ht Not an Azure Event Hub but rather the Microsoft Monitor agent allows you to gather events from Windows computers. By default, only the Security event log will be ingested (with the Security Events data connector enabled), but if you go into Settings => Workspace Settings => Agents configuration you can add other Windows event logs that you want to ingest, like Application, Setup, and System.
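The workspace change described in the answer above (adding Application, Setup and System to the event logs the agent collects) can also be made from PowerShell instead of the portal. The script below is an added example, not code from the thread or from Microsoft; it uses the `Get-AzOperationalInsightsDataSource` and `New-AzOperationalInsightsWindowsEventDataSource` cmdlets of the Az.OperationalInsights module, assumes you are already signed in with `Connect-AzAccount`, and the resource group and workspace names are placeholders to replace with your own.

```powershell
# Added example (not from the thread): make the Log Analytics workspace collect extra
# Windows event logs through the Microsoft Monitoring Agent, the same change the answer
# above describes under Settings => Workspace Settings => Agents configuration.
# Assumptions: Az.OperationalInsights is installed, Connect-AzAccount has been run, and
# the two names below are placeholders.

$ResourceGroup = 'rg-sentinel-placeholder'   # placeholder, replace with your values
$Workspace     = 'law-sentinel-placeholder'   # placeholder

# Logs the answer mentions beyond the default Security log.
$WantedLogs = @('Application', 'Setup', 'System')

# Event logs the agent is already configured to collect for this workspace.
$existing = Get-AzOperationalInsightsDataSource -ResourceGroupName $ResourceGroup `
    -WorkspaceName $Workspace -Kind WindowsEvent

$alreadyCollected = @($existing | ForEach-Object { $_.Properties.EventLogName })

foreach ($log in $WantedLogs) {
    if ($alreadyCollected -contains $log) {
        Write-Host "Already collecting: $log"
        continue
    }
    # One data source per event log; collect error, warning and information levels.
    New-AzOperationalInsightsWindowsEventDataSource -ResourceGroupName $ResourceGroup `
        -WorkspaceName $Workspace -Name "WindowsEvent-$log" -EventLogName $log `
        -CollectErrors -CollectWarnings -CollectInformation | Out-Null
    Write-Host "Added: $log"
}

# Verify: list every Windows event log the workspace now collects.
Get-AzOperationalInsightsDataSource -ResourceGroupName $ResourceGroup `
    -WorkspaceName $Workspace -Kind WindowsEvent |
    Select-Object Name, @{ Name = 'EventLog'; Expression = { $_.Properties.EventLogName } }
```

Each Windows event data source applies to every host reporting to the workspace, so this setting controls which logs are collected from connected machines rather than which individual files are ingested.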

@Gary Bushey I want to clarify one thing here: I don't want my Windows system event logs to be sent out to Azure Sentinel. I want to send only those event log files which are from the GitHub repo, only those. Is that possible with the solution you provided me with?

Any update on this?