GauravMourya-9453 asked vipulsparsh-MSFT commented

Not receiving Windows WMI logs on Azure Sentinel

We have a high-priority task related to WMI (Windows Management Instrumentation) log ingestion to Azure Sentinel for a client. We are facing some issues while ingesting WMI logs to Azure Sentinel. We have installed the Microsoft Monitoring Agent on the machine and are trying to ingest logs by adding the following entries to the Agents configuration in the Log Analytics workspace:

  • Microsoft-Windows-WMI-Activity/Operational

  • Microsoft-Windows-WMI-Activity/Trace

  • SmbWmiAnalytic

  • wmi

  • WMI-Activity

We referred to the guide at https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-to-go-part2-integrating-a-basic-windows-lab-via/ba-p/1742165 to implement the process.
We are receiving WMI events in Windows Event Viewer, but these events are not flowing to the Log Analytics workspace.

We have a good relationship with the client, so we need to resolve this on an urgent basis to maintain that relationship.

microsoft-sentinel

@GauravMourya-9453 Thanks for reaching out. Checking to see if you were able to see the WMI events; it might take some time for them to get uploaded after you have added the agent.
Let us know the status so that we can help you accordingly.


0 Answers
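
A host-side check for the situation described in the question, added here as an example and not part of the original thread: it compares the five names entered in the workspace configuration against the event channels actually registered on the machine, and reports whether each one is enabled and holds records. It assumes an elevated PowerShell session on the monitored host and that the Microsoft Monitoring Agent runs as the `HealthService` Windows service.

```powershell
# Added example. Channel names copied exactly from the question's agent configuration.
$configured = @(
    'Microsoft-Windows-WMI-Activity/Operational',
    'Microsoft-Windows-WMI-Activity/Trace',
    'SmbWmiAnalytic',
    'wmi',
    'WMI-Activity'
)

# For each configured name, ask the local event log service whether a channel
# with that exact name exists, and if so what state it is in.
$report = foreach ($name in $configured) {
    try {
        $log = Get-WinEvent -ListLog $name -ErrorAction Stop
        [pscustomobject]@{
            Configured  = $name
            Registered  = $true
            Enabled     = $log.IsEnabled
            LogType     = $log.LogType        # Administrative, Operational, Analytical or Debug
            RecordCount = $log.RecordCount
            LastWrite   = $log.LastWriteTime
        }
    }
    catch {
        # No channel with this name is registered on the host.
        [pscustomobject]@{
            Configured  = $name
            Registered  = $false
            Enabled     = $null
            LogType     = $null
            RecordCount = $null
            LastWrite   = $null
        }
    }
}
$report | Format-Table -AutoSize

# List every WMI-related channel the host really has, so that a mistyped
# entry can be matched to its registered name (-Force includes analytic/debug logs).
Get-WinEvent -ListLog '*WMI*' -Force -ErrorAction SilentlyContinue |
    Select-Object LogName, LogType, IsEnabled, RecordCount |
    Format-Table -AutoSize

# Confirm the agent service itself is present and running.
Get-Service -Name HealthService -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType
```

Rows with `Registered = False`, `Enabled = False` or an empty `RecordCount` identify configuration entries for which the host has no events to forward.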