Windows Firewall Events via AMA (Preview) connector for Microsoft Sentinel

Windows Firewall is a Microsoft Windows application that filters information coming to your system from the internet and blocks potentially harmful programs. The firewall software blocks most programs from communicating through the firewall. To stream the Windows Firewall application logs collected from your machines to the Microsoft Sentinel workspace, use the Azure Monitor agent (AMA).

For the AMA to collect logs, a configured data collection endpoint (DCE) must be linked with the data collection rule (DCR) created for it. For this connector, a DCE is automatically created in the same region as the workspace. If you already use a DCE stored in the same region, you can replace the DCE created by default with your existing one through the API. DCEs can be located in your resources by the SentinelDCE prefix in the resource name.

For more information, see the following articles:

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

| Connector attribute | Description |
| --- | --- |
| Log Analytics table(s) | ASimNetworkSessionLogs |
| Data collection rules support | Workspace transform DCR |
| Supported by | Microsoft Corporation |

Next steps

For more information, go to the related solution in the Azure Marketplace.