
Windows Forwarded Events

Microsoft Sentinel, Microsoft Corporation


Note: Please refer to the following before installing the solution:

• Review the solution Release Notes

• There may be known issues pertaining to this Solution; please refer to them before installing.

The Windows Forwarded Events solution allows you to ingest all Windows Event Forwarding (WEF) logs from the Windows Servers connected to your Microsoft Sentinel workspace using Azure Monitor Agent (AMA).

Underlying Microsoft Technologies used:

This solution depends on the following technologies, some of which may be in Preview state or may result in additional ingestion or operational costs:

a. Agent-based log collection from Windows and Linux machines

Data Connectors: 1, Analytic Rules: 2
