Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

New Blog Post | Testing New Version of Windows Security Events Connector with Azure Sentinel To-Go!



Testing the New Version of the Windows Security Events Connector with Azure Sentinel To-Go! - Micros...

Last week, on Monday June 14th, 2021, a new version of the Windows Security Events data connector reached public preview. This is the first data connector created leveraging the new generally available Azure Monitor Agent (AMA) and Data Collection Rules (DCR) features from the Azure Monitor ecosystem. As any other new feature in Azure Sentinel, we wanted to expedite the testing process and empower others in the InfoSec community through a lab environment to learn more about it. 


In this post, we will talk about the new features of the new data connector and how to automate the deployment of an Azure Sentinel instance with the connector enabled, the creation and association of DCRs and installation of the AMA on a Windows workstation. This is an extension of a blog post written last year (2020), where we covered the collection of Windows security events via the Log Analytics Agent (Legacy). 

0 Replies