Log Collection using a Log Analytics Agent from a Windows Event Collector


Hi,

To collect Security events from multiple Windows hosts, a Windows Event Collector has been set up in the environment that we want to monitor. Can we forward all events from this collector using a Sentinel agent? If so, is there an additional way to filter the events forwarded, except for the standard set of options (minimal, full, recommended), for example based on original host?

Thanks in advance!

1 Reply

@csmits:

  • Support for WEF is in private preview; to explore it and provide feedback, join our Private Previews program (https://aka.ms/SecurityPrP).
  • A new generation of the Log Analytics agent that will support filtering is also expected to start preview in the next few months.