Forum Discussion

SalmanKhan's avatar
SalmanKhan
Copper Contributor
Oct 03, 2020

Windows Firewall logs are enabled, but they do not show up in Sentinel

Hello,   We have MMA agent installed on 26 windows server, but we are not getting into Sentinel. I can not see any table named "WindowsFirewall" either. Do the tables appear when data starts pour...
SalmanKhan's avatar
SalmanKhan
Copper Contributor
Oct 05, 2020

CliveWatson Thanks a lot.

I have now removed the collection via event-logs and have now configured Data Connector for Windows Defender Firewall with Advanced Security. Should it take some time before I see logs  coming in?

Would it also help in getting the map "Potential malicious events" to get live?

 

Thanks for your help Clive 🙂 Much appreciated.

CliveWatson's avatar
CliveWatson
Former Employee
Oct 05, 2020

SalmanKhan 

 

That map shows up when you have data in at least one of these Tables:

 

W3CIISLog
DnsEvents
WireData
WindowsFirewall
VMConnection
CommonSecurityLog
 
to check:
 
union isfuzzy=true  
W3CIISLog,
DnsEvents,
WireData,
WindowsFirewall,
VMConnection,
CommonSecurityLog
| summarize count() by Type

Resources