Hi there.
I have a couple of questions regarding the agents to install on Windows machines to bring events to Azure Sentinel.
I currently have the Azure Monitor agent for Log Analytics deployed on the DCs, and a separate LogAnalytic for Azure Sentinel. I want to connect Windows events to Sentinel's log analytic.
The questions are as follows:
To connect the Windows machines to Azure Sentinel, do I need the SecurityEvents agent, or can I use the current Azure Monitor agent?
Can I forward events to the Azure Sentinel Log Analytic, using the Azure Monitor agent, and also keep them coming to the current LogAnalytic?
Using the current agent, can I forward only security events to the log analytic that Sentinel uses? That is, I want the security events to go to the Azure Sentinel log analytics and the rest to the current log analytics, where Sentinel is not.
Thank you for your help.
Regards.