Microsoft Sentinel & Azure Arc – Troubleshooting Windows Event Logs
This post details troubleshooting steps to take when Windows event logs are not being ingested into Microsoft Sentinel via Azure Arc VMs.
This post details troubleshooting steps to take when Windows event logs are not being ingested into Microsoft Sentinel via Azure Arc VMs.
This post outlines the steps to ingest on-premises Windows event logs into Azure Sentinel using Azure Arc.
Ingesting Windows Server event logs into Microsoft Sentinel involves creating a Data Collection Rule for Azure VMs. Subsequent articles will cover on-premises methods.
Want more reporting in Microsoft Sentinel? Look no further, this guide will show you the steps to use PowerBI with Microsoft Sentinel.
A quick workaround for RDP login issues with Entra ID credentials on a Windows 11 VM in Azure.
There are many things to consider when implementing Microsoft Sentinel, such as: defining objectives, assessing environments, designing architecture, managing user access, and ensuring continuous improvement.
Whats happening in the market so far in regards to SIEM? How has XDR, Zero Trust and AI impacted the SIEM Market?
Having issues with expired certificates with Azure Arc enabled machines? This guide will give you the quick fix to reenabling Azure Arc.
SIEM technology began in the 1990s to centralise logs, evolved to real-time event analysis, and now uses machine learning for proactive threat detection.
Microsoft Sentinel requires understanding SIEM concepts and terminology including SOC, SOAR, parsing, syslog, CEF, LEEF, CTI, TAXII, and STIX. Future posts will explore these further.