![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 16%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,781 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
@Praveen Mittapalli Apologies for late response. Kindly note security events are collected from windows machines by Azure Security Center or Azure Sentinel. However, Azure Monitor agent does not support solutions and insights such as VM insights and Azure Security Center as of now. The only scenario currently supported is collecting data using the data collection rules that you configure.
- You can use AMA to natively collect Security Events, same as other Windows Events. These flow to the 'Event' table in your Log Analytics workspace.
- If you have Sentinel enabled on the workspace, the Security Events flow via AMA into the 'SecurityEvent' table instead (same as using Log Analytics Agent). This will always require the solution to be enabled first.
For your reference , availability of solutions for AMA.
In your case, for security events , I would suggest you to query Event table of log analytics workspace.