Aug 10 2021 11:11 PM
Hi Team
I have a quick question regarding the Azure Monitor agent. I want to capture Sysmon logs from an Azure machine which has the AMA extension installed and a data collection rule set to all events. I have downloaded the Sysmon package and configured it on the machine; however, is there a link to docs which I can follow to configure a DCR (rule) in Azure Sentinel to allow Sysmon logs to be captured by the AMA agent?
With the LA agent it's quite simple to do the same, as I can just go to Agent configuration and Add > Microsoft-Windows-Sysmon/Operational and the logs are all good. Am I missing something?
Thanks
Sep 29 2022 09:06 PM
A workaround to get the logs is to add a "Windows event log" configuration under the "Legacy agents management" section of the LA workspace. Check the screenshot below:
I am sure there are better ways via DCR to do this. :)
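For reference, this is the DCR shape that collects the Sysmon channel through AMA without the legacy-agent workaround: a `windowsEventLogs` data source whose XPath query selects every event in `Microsoft-Windows-Sysmon/Operational`, flowing to the `Microsoft-Event` stream and a Log Analytics workspace. This is an added example, not something posted in the thread; the location, workspace resource ID and names are placeholders.

```json
{
  "location": "<azure-region-placeholder>",
  "properties": {
    "dataSources": {
      "windowsEventLogs": [
        {
          "name": "sysmonOperational",
          "streams": [ "Microsoft-Event" ],
          "xPathQueries": [
            "Microsoft-Windows-Sysmon/Operational!*"
          ]
        }
      ]
    },
    "destinations": {
      "logAnalytics": [
        {
          "name": "sentinelWorkspace",
          "workspaceResourceId": "/subscriptions/<subscription-id-placeholder>/resourceGroups/<rg-placeholder>/providers/Microsoft.OperationalInsights/workspaces/<workspace-placeholder>"
        }
      ]
    },
    "dataFlows": [
      {
        "streams": [ "Microsoft-Event" ],
        "destinations": [ "sentinelWorkspace" ]
      }
    ]
  }
}
```

The `!*` suffix collects the whole channel; a narrower XPath such as `Microsoft-Windows-Sysmon/Operational!*[System[(EventID=1 or EventID=3)]]` keeps only the event IDs you need. The rule must still be associated with the VM (for example with `az monitor data-collection rule association create`) before events appear in the Event table.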