SQL logs delivered by AMA not normalized


Hello everyone,

We have recently started ingesting more logs into our Sentinel PoC environment and it seems like the Azure Monitor Agent does not normalize the SQL logs from a Windows server? Is there a workaround to this?

[Screenshot attached: Ciyaresh_0-1659972228380.png]

1 Reply
Have you looked at the SQL Parser? https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/SQLSever/SQLServer_Parser.txt If it's not Audit Events you need, you can use this as an example to build one.
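As an added example (not the linked parser and not code from the reply author), here is a small KQL function of the kind you would build: it normalizes SQL Server login audit events that AMA collects from the Windows Application log into the `Event` table. The event IDs, the message shapes and the `Event` table column names are assumptions about a default SQL Server install.

```kusto
// Added example: normalize SQL Server login audit events (Windows Application
// log, Source "MSSQLSERVER") into a consistent schema. Assumed message shapes:
//   18456: "Login failed for user 'sa'. Reason: Password did not match that
//           for the login provided. [CLIENT: 10.0.0.5]"
//   18453/18454: "Login succeeded for user 'CORP\svc'. Connection made using
//           Windows authentication. [CLIENT: 10.0.0.5]"
let SqlLoginEvents = () {
    Event
    | where Source == "MSSQLSERVER"
    | where EventID in (18453, 18454, 18456)   // login succeeded / login failed
    | extend EventResult = iff(EventID == 18456, "Failure", "Success")
    | extend TargetUser = extract(@"for user '([^']+)'", 1, RenderedDescription)
    | extend Reason = trim(" ", extract(@"Reason: ([^\[]+)", 1, RenderedDescription))
    | extend SrcIpAddr = extract(@"\[CLIENT: ([^\]]+)\]", 1, RenderedDescription)
    // Local connections are logged as "<local machine>" rather than an address
    // (assumed); map them to loopback so the column stays a usable IP field.
    | extend SrcIpAddr = iff(SrcIpAddr == "<local machine>", "127.0.0.1", SrcIpAddr)
    | project TimeGenerated, Computer, EventID, EventResult, TargetUser,
              Reason, SrcIpAddr, RenderedDescription
};
// Example use: failed SQL logins per source address over the last day,
// a typical starting point for a brute-force / password-spray detection rule.
SqlLoginEvents()
| where TimeGenerated > ago(1d) and EventResult == "Failure"
| summarize Attempts = count(), Users = make_set(TargetUser) by Computer, SrcIpAddr
| order by Attempts desc
```

Save the `let` function as a Log Analytics function (e.g. `SqlLoginEvents`) so analytics rules and workbooks can reuse it without repeating the parsing logic.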