Windows Sysmon events in Sentinel via AMA




I have integrated a Windows VM via the Windows Security Events via AMA data connector in Sentinel. I have also enabled Sysmon on the Windows VM and added the XPath query to get the Windows Sysmon events in Sentinel. I deployed the Sysmon parser as well, but I just got to know that the parser is created on the "Event" table, whereas I can see the logs in "SecurityEvents". Can anyone help?






0 Replies