====== Azure Sentinel ======

====== Quick-n-Dirty ======

  * Azure Monitor Agent (AMA) collects monitoring data from VMs and sends it to Azure Monitor.
  * For non-Azure VMs to be integrated with Sentinel, they need to have the [[https://docs.microsoft.com/en-us/azure/azure-arc/servers/overview|Azure Arc]] agent installed, which makes them //Arc-enabled//.
  * The Azure Arc agent is also called the //Azure Connected Machine agent//.
  * This agent does not replace the //Azure Log Analytics agent//; it works in conjunction with it.
  * How does it relate to the //Azure Monitoring Agent//?
  * [[https://docs.microsoft.com/en-us/azure/azure-arc/servers/agent-overview]]

====== To Explore ======

  * [[https://www.infusedinnovations.com/blog/intelligent-cloud/step-by-step-guide-to-deploy-azure-sentinel]]
  * [[https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-agent-collecting-from-servers-and-workstations-on/ba-p/811760]]
  * [[https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/azure-sentinel-the-connectors-grand-cef-syslog-direct-agent/ba-p/803891]]
  * [[https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector]]