Jan 24 2021 05:31 PM
Hi
I want to sent evtx sample files to azure sentinel log analytics workspace. Can azure sentinel support winlogbeat. If not whats the easy solution to perform this.
GitHub - sbousseaden/EVTX-ATTACK-SAMPLES: Windows Events Attack Samples
These are logs i want to sent.
Jan 26 2021 09:45 AM
@le0li9ht Aren't these Windows Event logs? Can't you import them using the Microsoft Monitoring agent directly from the Event Hub?
Jan 26 2021 09:48 AM
@Gary Bushey can you provide any resource for doing the same plz. Very new to event hubs
Jan 26 2021 10:19 AM
@le0li9ht Not an Azure Event Hub but rather the Microsoft Monitor agent allows you to gather events from windows computers. By default, only the Security event log will be ingested (with the Security Events data connector enabled), but if you go into Settings => Workspace Settings => Agents configuration you can add other Windows event logs that you want to ingest, like Application, Setup, and System.
Jan 26 2021 10:33 AM
@Gary Bushey I want to clarify one thing here that i dont want my windows system event logs to be sent out to azure sentinel. I want to send only those event log files which are from github repo. only those. Is that possible with the solution you provided me with.