Feb 21 2024 10:31 PM - edited Feb 21 2024 10:31 PM
Hello,
I have integrated a Windows VM via the "Windows Security Events via AMA" data connector in Sentinel. I have also enabled Sysmon on the Windows VM and added the XPath query to get the Windows Sysmon events in Sentinel. I deployed the Sysmon parser as well, but I just got to know that the parser is created on the "Event" table, whereas I can see the logs in "SecurityEvents". Can anyone help?
Thanks.