Microsoft Sentinel Article Series: Direct Onboarding Windows Security Events via AMA Connector
The Azure Monitor Agent (AMA) is the log collection agent of the Azure ecosystem; it is tightly integrated with Microsoft Sentinel and feeds the advanced data analysis and threat detection capabilities of the Log Analytics workspace.
Currently the AMA-based connector is the main way to ingest your Windows Event Log, because the Windows Security Events data connector that uses the Log Analytics Agent is being retired.
In this case I'm using a native Azure environment and the steps are easy.
1. Open your Microsoft Sentinel Data Connectors page and search for the connector name: Windows Security Events via AMA. Then open the connector page.
2. On the right side, click +Create Data Collection Rule and fill in the data. You can choose your Subscription and Resource Group.
3. Click +Add Resource(s) and choose your scope.
4. The result looks like below:
5. Customize which events you want to collect.
6. Review and create.
7. Result: the connector has received the Security Events.
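The portal wizard in steps 2 to 6 produces a Data Collection Rule (DCR) that names a Windows event log data source, an xPath filter for the Security channel, a Log Analytics destination and a data flow on the Microsoft-SecurityEvent stream. The following Python script, an added example that is not part of the original article, builds and sanity-checks that same DCR body so it can be deployed from code or kept in version control, and returns the KQL query I use for the check in step 7. The location, workspace resource ID and the chosen Event IDs are assumptions; the `build_dcr`, `security_xpath`, `validate_dcr` and `ingestion_check_query` helper names are mine.

```python
"""Build and validate a Data Collection Rule body for Windows Security Events via AMA.

Added example (not the article's or Microsoft's own code). Resource IDs below are
placeholders; replace them with your own before deploying the JSON, e.g. with
`az monitor data-collection rule create --rule-file dcr.json`.
"""
import json
import re

SECURITY_STREAM = "Microsoft-SecurityEvent"   # stream Sentinel expects for the SecurityEvent table
XPATH_SHAPE = re.compile(r"^Security!\*\[System\[\(.+\)\]\]$")


def security_xpath(event_ids):
    """Return the xPath query that selects only the given Event IDs from the Security channel."""
    ids = sorted(set(int(i) for i in event_ids))
    if not ids:
        raise ValueError("at least one Event ID is required")
    clause = " or ".join(f"EventID={i}" for i in ids)
    return f"Security!*[System[({clause})]]"


def build_dcr(location, workspace_resource_id, event_ids, name="dcr-windows-security-events"):
    """Assemble the DCR resource body: data source -> destination -> data flow."""
    destination_name = "la-workspace"
    return {
        "name": name,
        "location": location,
        "kind": "Windows",
        "properties": {
            "dataSources": {
                "windowsEventLogs": [
                    {
                        "name": "securityEventsDataSource",
                        "streams": [SECURITY_STREAM],
                        "xPathQueries": [security_xpath(event_ids)],
                    }
                ]
            },
            "destinations": {
                "logAnalytics": [
                    {"workspaceResourceId": workspace_resource_id, "name": destination_name}
                ]
            },
            "dataFlows": [{"streams": [SECURITY_STREAM], "destinations": [destination_name]}],
        },
    }


def validate_dcr(dcr):
    """Check the invariants a working rule needs: every xPath targets the Security channel,
    every data flow references a declared stream and a declared destination."""
    props = dcr["properties"]
    declared_streams = set()
    for source in props["dataSources"]["windowsEventLogs"]:
        declared_streams.update(source["streams"])
        for query in source["xPathQueries"]:
            if not XPATH_SHAPE.match(query):
                raise ValueError(f"xPath does not target the Security channel: {query}")
    destinations = {d["name"] for d in props["destinations"]["logAnalytics"]}
    for flow in props["dataFlows"]:
        if not set(flow["streams"]) <= declared_streams:
            raise ValueError("data flow references a stream no data source produces")
        if not set(flow["destinations"]) <= destinations:
            raise ValueError("data flow references an undeclared destination")
    return True


def ingestion_check_query(lookback="1h"):
    """KQL to confirm events are arriving (step 7): rows per computer and Event ID."""
    return (
        "SecurityEvent\n"
        f"| where TimeGenerated > ago({lookback})\n"
        "| summarize Events = count() by Computer, EventID\n"
        "| order by Events desc"
    )


if __name__ == "__main__":
    # Placeholder IDs (constructed); logon, failed logon, special privileges and process creation.
    rule = build_dcr(
        location="eastus",
        workspace_resource_id="/subscriptions/<SUB_ID>/resourceGroups/<RG>/providers/"
        "Microsoft.OperationalInsights/workspaces/<WORKSPACE>",
        event_ids=[4624, 4625, 4672, 4688],
    )
    validate_dcr(rule)
    print(json.dumps(rule, indent=2))
    print(ingestion_check_query())
```

Keeping the rule in code makes the "which events do I collect" decision from step 5 reviewable: a change to the Event ID list shows up as a diff in the xPath query rather than as an undocumented click in the portal.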
References :
https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate#windows-logs