Note: There may be known issues pertaining to this Solution, please refer to them before installing.

The Windows Security Events solution for Microsoft Sentinel allows you to ingest Security events from your Windows machines using the Windows Agent into Microsoft Sentinel. This solution includes two (2) data connectors to help ingest the logs.

1. Windows Security Events via AMA - This data connector helps in ingesting Security Events logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent here. Microsoft recommends using this Data Connector.

2. Security Events via Legacy Agent - This data connector helps in ingesting Security Events logs into your Log Analytics Workspace using the legacy Log Analytics agent.

NOTE: After this solution is installed, Microsoft recommends configuring and leveraging the Windows Security Events via AMA connector for ingesting security events. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31.2024, and thus should only be installed where AMA is not supported.

Data Connectors: 2, Workbooks: 2, Analytic Rules: 20, Hunting Queries: 43

Learn more about Microsoft Sentinel | Learn more about Solutions