Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Windows 2003 events in Sentinel

Brass Contributor

Hello everyone!

 

I have a customer asking me how to get Windows 2003 events into Sentinel. Obviously the MMA Sentinel Agent won't run on the host, but I'm thinking that event forwarding from 2003 to a supported system, and then scooping the logs from the supported system will work. Has anyone done this, yet?

 

Cheers!

2 Replies
Azure Sentinel currently doesn't support WEF, though this is planned. Meanwhile, you can use 3rd party alternatives such as NXlog to translate to Syslog or WinLogBeat and Logstash to a custom log.
Thank you! We'll go that route, I think.