
Everything You Ever Wanted to Know About Using the New Azure Monitor Agent with Microsoft Sentinel 

Microsoft Security Community

Tuesday, November 16, 2021, 11:00 AM ET / 8:00 AM PT (webinar recording date)
Microsoft Sentinel Webinar | Everything You Ever Wanted to Know About Using the New Azure Monitor Agent (AMA) with Microsoft Sentinel
Presenter(s): Cristhofer Romeo Muñoz & Maria de Sousa-Valadas
You may have heard of the new Azure Monitor Agent (AMA), but do you know why you should start thinking about migrating to it if you’re using Azure Sentinel? In this webinar we will discuss why you should be thinking about migrating to AMA, how you can migrate to AMA if you’re already using MMA/OMS, and the new features and capabilities it brings to your Azure Sentinel deployment.
To ensure you hear about future Microsoft Sentinel webinars and other developments, make sure you join our community by going to aka.ms/SecurityCommunity #MicrosoftSentinel

Published: 13 Jul 2024
Comments: 14
@AquibQureshi 2 years ago
thanks Team, a very good explanation about the AMA and supported scenario
@matthewfranklin7541 2 years ago
Many thanks, a very useful presentation!
@mmiltenburg 1 year ago
Great overview. Thanks very much!
@tijubrain1 2 years ago
Awesome presentation!
@debarghyadasgupta1931 2 years ago
Loved it ❤️
@Ruchikun 2 years ago
[02:55] Contents
[04:50] Why a new agent?
[09:00] Azure Monitor Agent Supportability
[10:00] Azure arc as a requirement for non-azure machines
[11:26] Azure arc (what is...)
[14:15] Feature gap analysis between LAG and AMA
[16:50] Microsoft Sentinel collection with AMA
[19:55] Security Events before and now
[26:16] Windows Forwarded Events
[32:27] Data collection Rules
[38:20] Deploying Azure Arc and AMA at scale
[45:58] Should I migrate now?
[48:33] Useful resources
[48:58] Questions
@mmkmur1 2 years ago
Thank you! Very informative! One Q: When will the workbook be available?
@rafaelruales6871 2 years ago
thanks
@b2secops 2 years ago
Hi, thanks for the informative video. Just need some clarification around the two connectors you mentioned. Firstly, what is the difference between the Windows Forwarded Events and Windows Security Events via AMA collectors? I see you used Windows Forwarded Events for getting events from your DC to Sentinel; can the Windows Security Events also be used to get events from your DC? Or is it that it collects 'Security events' only? Thank you
@simple-security 1 year ago
I've seen no updates on how the AMA agent will work with 'regular' Windows workstations (non-servers). All I can find is a link to download the AMA agent (after creating a collection rule) but no details on configuring the agent for a specific workspace, etc. I see that workstations will need to be domain connected and synced with Azure AD. Will WEC be a requirement for non-domain connected workstations?
@1213xyz 8 months ago
As this webinar was recorded some time ago, I am wondering stuff mentioned in this entire video, are they still valid? Like Windows DNS/Firewall, Syslog, CEF or Sysmon not supported by AMA. Is this still valid?
@Ruchikun 2 years ago
It's a shame some of these high level architectural overviews (images) are not to be found on your website. Would help to understand it
@MicrosoftSecurityCommunity 2 years ago
Hi Ken, All of the presentations from the Microsoft Security Community webinars can be found at aka.ms/SecurityCommunity. The link is located in the webinars and recordings section. Thank you for watching!
@netsocmdr 1 year ago
:)