Feb 18 2021 09:02 AM
Hi
I have a use case where the customer doesn't want to install any MMA agent on their machines/NEs to collect the data due to some security reason, so how do we address such a situation and what is the workaround?
My understanding is that I should go for a syslog forwarder/CEF to collect the on-premises logs from different sources and send it to Azure Sentinel over 443 or via private connect. Could anyone suggest whether this will work, or any workable solution? Thanks a lot.
Feb 19 2021 03:24 AM
Feb 19 2021 08:01 AM
Feb 22 2021 01:07 PM
@kausiktsi: as @CliveWatson stated, remote collection is currently possible only for Linux and other systems supporting Syslog (which would exclude Windows). See here for details. Remote collection for Windows is planned in the near future.