Azure Sentinel
Quick-n-Dirty
Azure Monitor Agent (AMA) collects monitoring data from VMs and sends it to Azure Monitor.
For non-Azure VMs to be integrated with Sentinel, they need to have the Azure Arc agent installed, which makes them Arc-enabled.
The Azure Arc agent is also called the Azure Connected Machine agent.
This agent does not replace the Azure Log Analytics agent; it works in conjunction with it.
How does it relate to the Azure Monitoring Agent?
https://docs.microsoft.com/en-us/azure/azure-arc/servers/agent-overview
To Explore
https://www.infusedinnovations.com/blog/intelligent-cloud/step-by-step-guide-to-deploy-azure-sentinel
https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-agent-collecting-from-servers-and-workstations-on/ba-p/811760
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/azure-sentinel-the-connectors-grand-cef-syslog-direct-agent/ba-p/803891
https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector