Windows Sysmon events in Sentinel via AMA


Hello,

 

I have integrated a Windows VM via the "Windows Security Events via AMA" data connector in Sentinel. I have also enabled Sysmon on the Windows VM and added the XPath query to get the Windows Sysmon events into Sentinel. I deployed the Sysmon parser as well, but I just found out that the parser is created on the "Event" table, whereas I can see the logs in "SecurityEvents". Can anyone help?

 

Thanks.

 


 

0 Replies