This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 52%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESC%3C/text%3E%3C/svg%3E)
I'm working to get logs from an on-prem server into Sentinel. Really all I need is visibility into what's going on, and some route to respond to threats so it doesn't necessarily have to be Sentinel but that's what I've been using so far to monitor Azure Active Directory. The DC server has the MMA agent installed, but I think I'm only able to see the 'Heartbeat' (the server itself checking in with the network to verify it's working). How do I get the logs of what that DC is seeing itself into Sentinel (or Azure)?
Hi Sam, chech this link https://learn.microsoft.com/en-us/azure/sentinel/connect-windows-security-events
Great! Thank you, this is working.
For anyone else who might read this, the performance data flows in by default, but you have to go to the connector page and configure SecurityEvents to flow in manually.