Sysmon log collection via Azure monitor agent (AMA)


Hi Team 
I have a quick question regarding the Azure Monitor agent. I want to capture Sysmon logs from an Azure machine which has the AMA extension installed and a data collection rule set to all events. I have downloaded the Sysmon package and configured it on the machine; however, is there a link to docs which I can follow to configure the DCR (rule) in Azure Sentinel to allow Sysmon logs to be captured by the AMA agent?

With the LA agent it's quite simple to do the same, as I can just go to Agent configuration and add > Microsoft-Windows-Sysmon/Operational and its logs, and it's all good. Am I missing something?
Thanks
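Since no reply was posted, here is an added example (not from the original post and not Microsoft's own sample) of the DCR body that makes AMA collect the Microsoft-Windows-Sysmon/Operational channel through the Windows event log data source and its Microsoft-Event stream, which lands in the Event table of the workspace. The workspace resource id, rule names and location are constructed placeholders; the function also shows how to narrow the XPath to selected event IDs instead of "all events".

```python
"""Build the body of an Azure Monitor Data Collection Rule (DCR) that tells the
AMA extension to forward Sysmon events from the Microsoft-Windows-Sysmon/Operational
channel to a Log Analytics workspace (Microsoft-Event stream -> Event table).
The workspace id, data source and destination names below are placeholders."""
import json

SYSMON_CHANNEL = "Microsoft-Windows-Sysmon/Operational"


def sysmon_xpath(event_ids=None):
    """Return the XPath query AMA uses to select events from the Sysmon channel.
    With no event_ids every event is collected; otherwise only the listed IDs."""
    if not event_ids:
        return f"{SYSMON_CHANNEL}!*"
    clause = " or ".join(f"EventID={int(i)}" for i in sorted(set(event_ids)))
    return f"{SYSMON_CHANNEL}!*[System[({clause})]]"


def build_sysmon_dcr(workspace_resource_id, location, event_ids=None):
    """Return the DCR body with a windowsEventLogs data source that feeds the
    Microsoft-Event stream into the given workspace via one data flow."""
    return {
        "location": location,
        "kind": "Windows",
        "properties": {
            "dataSources": {
                "windowsEventLogs": [{
                    "name": "sysmonEvents",              # placeholder name
                    "streams": ["Microsoft-Event"],
                    "xPathQueries": [sysmon_xpath(event_ids)],
                }]
            },
            "destinations": {
                "logAnalytics": [{
                    "name": "sentinelWorkspace",         # placeholder name
                    "workspaceResourceId": workspace_resource_id,
                }]
            },
            "dataFlows": [{
                "streams": ["Microsoft-Event"],
                "destinations": ["sentinelWorkspace"],
            }],
        },
    }


if __name__ == "__main__":
    # Constructed placeholder workspace id; substitute your own before deploying.
    ws = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sec"
          "/providers/Microsoft.OperationalInsights/workspaces/sentinel-ws")
    # Collect only process creation (1), network connection (3) and image load (7).
    print(json.dumps(build_sysmon_dcr(ws, "eastus", [1, 3, 7]), indent=2))
```

Save the printed JSON to a file, create the rule from it with the Azure CLI (`az monitor data-collection rule create --rule-file`), then associate the rule with the VM so the AMA extension picks it up.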