I need to import data collected by on-premise MS ATA server into Azure Sentinel. I haven't been able to find documentation on the proper way to do this. The goal is to import all data that is collected on the ATA server, not just logs about that particular server. Any help will be highly appreciated.
Asked
Active
Viewed 135 times
1 Answers
0
The logs should be easy to ingest, you just modify the client configuration for logs you're collecting.
Other than logs, what other data are you wanting to ingest?
rodtrent
- 108
- 3
-
Well, yes. Logs are what I'm trying to import. Now, which logs from the ATA server would be appropriate? MS ATA is monitoring our on-premise environment security and processing that data. I want to import logs that are relevant to ATA's function. – Vladimir Popovic Feb 17 '21 at 15:10