Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

New Blog Post | How to configure Security Events collection with Azure Monitor Agent

Microsoft

hspinto_1-1679048858557.png

How to configure Security Events collection with Azure Monitor Agent - Microsoft Community Hub

 

Although Microsoft Defender for Servers (part of the Microsoft Defender for Cloud suite) does not rely on security events collection to provide its protection capabilities, customers may want to collect this valuable data to bring additional context to their server security investigations or alerts. For this reason, Defender for Servers Plan 2 users benefit from a 500-MB free data ingestion allowance (per day, per server) into Log Analytics, as long as the Defender for Servers Plan 2 is also enabled at the Log Analytics Workspace level.

 

Security events collection (for Windows systems only) is done with the help of a guest agent. This has been possible so far with the legacy Log Analytics agent and the Defender for Servers auto-provisioning experience, and is also possible for Microsoft Sentinel users, via the Log Analytics and Azure Monitor Agent (AMA) data connectors. However, if you are not a Sentinel user yet and you are using Defender for Servers with the new AMA experience, it is still possible to collect security events, as you will learn next.

0 Replies