Windows Firewall

Microsoft Sentinel, Microsoft Corporation

Windows Firewall

Microsoft Sentinel, Microsoft Corporation

Windows Firewall

Note: Please refer to the following before installing the solution:

• Review the solution Release Notes

• There may be known issues pertaining to this Solution.

The Windows Firewall solution for Microsoft Sentinel allows you to ingest Windows Firewall Events into Microsoft Sentinel using the Log Analytics agent for Windows.

Installing this solution will deploy two data connectors,

  1. Windows Firewall Events via AMA - This data connector helps in ingesting Windows Firewall Events into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent here. Microsoft recommends using this Data Connector
  2. Windows Firewall - This solution installs the data connector to ingest Windows Firewall events using the Windows Firewall solution for Azure. After installing the solution, configure and enable this data connector by following guidance in Manage solution view.

NOTE: Microsoft recommends Installation of Windows Firewall via AMA. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported.

Underlying Microsoft Technologies used:

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

a. Agent based logs collection from Windows and Linux machines

Data Connectors: 2, Workbooks: 1

Learn more about Microsoft Sentinel | Learn more about Solutions