cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to forward evtx files to azure sentinel

%3CLINGO-SUB%20id%3D%22lingo-sub-2092399%22%20slang%3D%22en-US%22%3EHow%20to%20forward%20evtx%20files%20to%20azure%20sentinel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2092399%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20want%20to%20sent%20evtx%20sample%20files%20to%20azure%20sentinel%20log%20analytics%20workspace.%20Can%20azure%20sentinel%20support%20winlogbeat.%20If%20not%20whats%20the%20easy%20solution%20to%20perform%20this.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fsbousseaden%2FEVTX-ATTACK-SAMPLES%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EGitHub%20-%20sbousseaden%2FEVTX-ATTACK-SAMPLES%3A%20Windows%20Events%20Attack%20Samples%3C%2FA%3E%3C%2FP%3E%3CP%3EThese%20are%20logs%20i%20want%20to%20sent.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2098617%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20forward%20evtx%20files%20to%20azure%20sentinel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2098617%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F760684%22%20target%3D%22_blank%22%3E%40le0li9ht%3C%2FA%3E%26nbsp%3BAren't%20these%20Windows%20Event%20logs%3F%26nbsp%3B%20Can't%20you%20import%20them%20using%20the%20Microsoft%20Monitoring%20agent%20directly%20from%20the%20Event%20Hub%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2098625%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20forward%20evtx%20files%20to%20azure%20sentinel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2098625%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F46875%22%20target%3D%22_blank%22%3E%40Gary%20Bushey%3C%2FA%3E%26nbsp%3B%20can%20you%20provide%20any%20resource%20for%20doing%20the%20same%20plz.%20Very%20new%20to%20event%20hubs%3C%2FP%3E%3C%2FLINGO-BODY%3E
le0li9ht
New Contributor

‎Jan 24 2021 05:31 PM

‎Jan 24 2021 05:31 PM

How to forward evtx files to azure sentinel

Hi

 

I want to sent evtx sample files to azure sentinel log analytics workspace. Can azure sentinel support winlogbeat. If not whats the easy solution to perform this.

GitHub - sbousseaden/EVTX-ATTACK-SAMPLES: Windows Events Attack Samples

These are logs i want to sent.

 

211 Views
0 Likes
5 Replies
Reply
5 Replies
Gary Bushey

‎Jan 26 2021 09:45 AM

‎Jan 26 2021 09:45 AM

Re: How to forward evtx files to azure sentinel

@le0li9ht Aren't these Windows Event logs?  Can't you import them using the Microsoft Monitoring agent directly from the Event Hub? 

0 Likes
Reply
le0li9ht

‎Jan 26 2021 09:48 AM

‎Jan 26 2021 09:48 AM

Re: How to forward evtx files to azure sentinel

@Gary Bushey  can you provide any resource for doing the same plz. Very new to event hubs

0 Likes
Reply
Gary Bushey

‎Jan 26 2021 10:19 AM

‎Jan 26 2021 10:19 AM

Re: How to forward evtx files to azure sentinel

@le0li9ht Not an Azure Event Hub but rather the Microsoft Monitor agent allows you to gather events from windows computers.   By default, only the Security event log will be ingested (with the Security Events data connector enabled), but if you go into Settings => Workspace Settings => Agents configuration  you can add other Windows event logs that you want to ingest, like Application, Setup, and System.

0 Likes
Reply
le0li9ht

‎Jan 26 2021 10:33 AM

‎Jan 26 2021 10:33 AM

Re: How to forward evtx files to azure sentinel

@Gary Bushey I want to clarify one thing here that i dont want my windows system event logs to be sent out to azure sentinel. I want to send only those event log files which are from github repo. only those. Is that possible with the solution you provided me with.

0 Likes
Reply
le0li9ht

‎Jan 27 2021 10:17 AM

‎Jan 27 2021 10:17 AM

Re: How to forward evtx files to azure sentinel

Any update on this?

0 Likes
Reply