How can we configure AMA agent on a VMSS to ingest data into Microsoft Sentinel?

Copper Contributor

How can we configure AMA agent on a VMSS to ingest data into Microsoft Sentinel? @CliveWatson 

6 Replies

@Sujit_Sj Hi, you can enable the below azure initiative on the subscription level 

 

Enable Azure Monitor for VMSS with Azure Monitoring Agent (AMA)

 

eliekarkafy_0-1693247946798.png

 

Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.

this will just track , while i want to ingest security logs into azure sentinel for security monitoring@eliekarkafy 

@Sujit_Sj yes , then you need to install the data connector Windows Security Events

 

The Windows Security Events solution for Microsoft Sentinel allows you to ingest Security events from your Windows machines using the Windows Agent into Microsoft Sentinel. This solution includes two (2) data connectors to help ingest the logs.

  1. Windows Security Events via AMA - This data connector helps in ingesting Security Events logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent here. Microsoft recommends using this Data Connector.

  2. Security Events via Legacy Agent - This data connector helps in ingesting Security Events logs into your Log Analytics Workspace using the legacy Log Analytics agent.

eliekarkafy_1-1693289912904.png

 

 

This is not working. We tried installing AMA agent but after installing we cannot see the agent in the machine. @eliekarkafy 

@Sujit_Sj you have to install the agent using Azure extension framework.

 

vm-extensions-update-status.png

we tried it is not showing any result.