Connect Windows hosts to Microsoft Sentinel
Intermediate
Security Operations Analyst
Azure
Microsoft Sentinel
Windows Security
Sysinternals
Azure Policy
Two of the most common logs to collect are Windows security events and Sysmon. Learn how Microsoft Sentinel makes this easy with the Microsoft Windows Events data connectors.
Learning objectives
Upon completion of this module, the learner is able to:
- Connect Azure Windows Virtual Machines to Microsoft Sentinel
- Connect non-Azure Windows hosts to Microsoft Sentinel
- Install and configure a data connector to collect Sysmon events
Prerequisites
Basic knowledge of operational concepts such as monitoring, logging, and alerting.