Sysmon log collection via Azure monitor agent (AMA)


Hi Team,

I have a quick question regarding Azure monitoring agent. I want to capture Sysmon logs from an Azure machine which has the AMA extension installed and a data collection rule set to all events. I have downloaded the Sysmon package and configured it on the machine; however, is there a link to docs which I can follow to configure a DCR (Rule) in Azure Sentinel to allow Sysmon logs to be captured by the AMA agent?

With the LA agent it's quite simple to do the same, as I can just go to Agent configurations and add > Microsoft-Windows-Sysmon/Operational and logs and it's all good. Am I missing something?




0 Replies