Hi Sri
Yes, it's possible! Steps to send your Windows 365 machine logs to Microsoft Sentinel:
- Set Up Log Analytics Workspace
  Create a Log Analytics Workspace:
  - Go to the Azure portal.
  - Navigate to "Log Analytics workspaces".
  - Click "+ Create" and fill in the required details (Subscription, Resource Group, Name, Region).
  - Click "Review + create" and then "Create".
- Install the Log Analytics Agent
  Download the Agent:
  - On your Windows 365 machine, download the Log Analytics agent from the Microsoft Download Center.
  Install the Agent:
  - Run the installer.
  - During installation, you will be prompted to provide the "Workspace ID" and "Primary Key". You can find these in the Azure portal under your Log Analytics workspace:
    - Go to your workspace.
    - Under "Settings", select "Agents management".
    - Copy the "Workspace ID" and "Primary Key".
- Configure Data Collection
  Configure Windows Event Logs:
  - In the Azure portal, go to your Log Analytics workspace.
  - Under "Settings", select "Agents configuration".
  - Click on "Windows Event Logs".
  - Add the event logs you want to collect (e.g., Application, Security, System).
  Configure Performance Counters:
  - Still under "Agents configuration", select "Performance counters".
  - Add the performance counters you want to monitor (e.g., Processor, Memory, Disk).
- Connect Log Analytics to Microsoft Sentinel
  Enable Microsoft Sentinel:
  - In the Azure portal, navigate to "Microsoft Sentinel".
  - Click "+ Add" and select your Log Analytics workspace.
  Configure Data Connectors:
  - In your Sentinel workspace, go to "Configuration" > "Data connectors".
  - Find and configure the "Windows Security Events via AMA" connector:
    - Click on the connector.
    - Follow the instructions to enable the data connector and configure the necessary permissions.
- Verify Data Ingestion
  Run Queries in Sentinel:
  - Go to the "Logs" section in your Sentinel workspace.
  - Use Kusto Query Language (KQL) to run queries and verify that logs are being ingested. For example:
    SecurityEvent | where TimeGenerated > ago(1d) | take 10
  Check for Errors:
  - Ensure there are no errors in the "Agent Health" section of your Log Analytics workspace.
  - Verify that the agent is connected and sending data.
--- If the answer was helpful and resolved your query, kindly accept the answer ---
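A broader ingestion check for the "Verify Data Ingestion" step, as an added example that is not part of the original answer: it reports, per machine, which of the data types configured in the steps above actually arrived in the last day. It assumes the standard Log Analytics tables `Heartbeat`, `Event`, `Perf` and `SecurityEvent`; the wording of the `Gap` messages is this example's own.

```kusto
// Added example. Run in the "Logs" blade of the Sentinel workspace.
// isfuzzy=true keeps the query working when a table does not exist yet
// (for instance, Perf before any performance counter has been collected).
union isfuzzy=true withsource=SourceTable Heartbeat, Event, Perf, SecurityEvent
| where TimeGenerated > ago(1d)
| summarize
    LastHeartbeat   = maxif(TimeGenerated, SourceTable == "Heartbeat"),   // agent connectivity
    EventLogRecords = countif(SourceTable == "Event"),                    // Windows Event Logs setting
    PerfRecords     = countif(SourceTable == "Perf"),                     // Performance counters setting
    SecurityEvents  = countif(SourceTable == "SecurityEvent")             // Sentinel security events connector
  by Computer
| extend Gap = case(
    isnull(LastHeartbeat), "no heartbeat: agent is not connected to this workspace",
    SecurityEvents == 0,   "connected, but no Security log records: check the data connector",
    EventLogRecords == 0,  "connected, but no event log records: check Windows Event Logs",
    PerfRecords == 0,      "connected, but no counters: check Performance counters",
    "ok")
| order by Gap asc, Computer asc
```

A machine that is missing from the result entirely has sent nothing to the workspace in the lookback window, which points back to the agent installation step.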