I have a quick question regarding the Azure Monitoring Agent. I want to capture Sysmon logs from an Azure machine which has the AMA extension installed and a data collection rule set to all events. I have downloaded the Sysmon package and configured it on the machine. However, is there a link to docs which I can follow to configure a DCR (rule) in Azure Sentinel to allow Sysmon logs to be captured by the AMA agent?
With the LA agent it's quite simple to do the same, as I can just go to Agent configurations and add > Microsoft-Windows-Sysmon/Operational and logs and it's all good. Am I missing something?