Adding MBAM/Bitlocker Logs to Azure Sentinel. You can configure the agents to send any Windows event type, such as Sysmon, not just security events. When installed on a domain controller, the agent collects AD events. However, the agent is not limited to this telemetry, and Azure Sentinel can collect the following additional data streams using the agent: Once you enable them through Sentinel's Data Connectors, they will be collected by every agent configured to send data to the workspace.

Additional data streams collected by the Agent

This leads to additional collection latency, which can be controlled by changing the log file size as described here.