Jan 29 2020 08:53 AM
Hello community,
Could anyone point me to some information regarding reviewing logs in Sentinel?
The idea is to identify logs from an on-prem virtual machine running Windows 2008.
The Sentinel agent has been successfully deployed and configured, however I'm not able to identify events regarding this VM.
Thanks in advance,
luciano
Jan 29 2020 09:19 AM
1st - how long ago was the agent installed?
2nd - check to make sure the agent is configured for the proper Log Analytics workspace.
3rd - which Data Connectors do you have enabled? The following support the agent:
4th - Have you completed the agent configuration for the Log Analytics workspace? Go into the Data blade in Advanced Settings for the Log Analytics Workspace assigned to Sentinel:
Jan 29 2020 10:31 AM
@lucianoARG One other thing you can look at is whether there is a Heartbeat entry for the computers. This helps answer some of the questions Rod Trent posted.
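
The Heartbeat check suggested above, combined with a per-table record count, as an added example that is not part of the original thread. The computer name `WIN2008-VM01` is a constructed placeholder; run the query in the Logs blade of the Log Analytics workspace assigned to Sentinel.

```kusto
// Added example: which tables, if any, hold records from one agent-connected VM.
// "WIN2008-VM01" is a constructed placeholder; use the on-prem VM's hostname.
let vm = "WIN2008-VM01";
union withsource=SourceTable *
| where TimeGenerated > ago(24h)
// Computer may be reported as a short name or an FQDN; startswith is case-insensitive.
| where Computer startswith vm
| summarize Records = count(), LastRecord = max(TimeGenerated) by SourceTable, Computer
| extend MinutesSinceLast = datetime_diff("minute", now(), LastRecord)
| order by SourceTable asc
// Reading the result:
//   no rows at all         -> the agent is not reporting to this workspace
//   only a Heartbeat row   -> the agent is connected, but no event data is being
//                             collected (check Data in Advanced Settings and the
//                             enabled Data Connectors)
//   Heartbeat + other rows -> events are arriving; query those tables directly
```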