What the Hack: Azure Arc enabled servers

Challenge 4 – Arc Value Add: Integrate Sentinel


Introduction

In this challenge, we will integrate your Azure Arc connected machines with Azure Sentinel. After completing the previous challenges, you should now have an Azure subscription with one or more Azure Arc managed servers. You should also have an available Log Analytics workspace and have deployed the Log Analytics agent to your server(s).

Challenge

  1. Enable Azure Sentinel on your Azure Arc connected machines by configuring the Log Analytics agent to forward events, such as Common Event Format (CEF) or Syslog, to Azure Sentinel.

Success Criteria

  1. From Azure Sentinel, view collected events from your Azure Arc connected machine.
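
To have a known event to look for when checking the success criterion, the added example below (not part of the original challenge) builds a correctly escaped CEF record and hands it to the local syslog daemon on the Arc connected Linux machine. The vendor, product, event ID and the `local4` facility are constructed values and assumptions; the facility must match what your agent is configured to collect.

```shell
#!/bin/sh
# Added example: emit one constructed CEF test record through local syslog.
# Assumptions: a Linux Arc machine with `logger`; facility local4 is collected.

# CEF header fields: backslash and pipe must be backslash-escaped.
cef_escape_header() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/|/\\|/g'
}

# CEF extension values: backslash and equals sign must be backslash-escaped.
cef_escape_ext() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/=/\\=/g'
}

# cef_line NAME SEVERITY MESSAGE -> prints one CEF:0 record.
# Returns 2 if SEVERITY is not an integer in the CEF range 0..10.
cef_line() {
  case "$2" in
    ''|*[!0-9]*) return 2 ;;
  esac
  [ "$2" -le 10 ] || return 2
  _cef_name=$(cef_escape_header "$1")
  _cef_msg=$(cef_escape_ext "$3")
  # Vendor, product, version and event class ID are constructed lab values.
  printf 'CEF:0|ExampleVendor|ArcLab|1.0|100|%s|%s|msg=%s' \
    "$_cef_name" "$2" "$_cef_msg"
}

# send_test_event NAME SEVERITY MESSAGE -> writes the record to local syslog.
send_test_event() {
  command -v logger >/dev/null 2>&1 || return 1
  _cef_record=$(cef_line "$@") || return 2
  logger -p local4.warning "$_cef_record"
}

# Only send when explicitly asked, e.g.:  sh cef_test.sh --send
if [ "${1:-}" = "--send" ]; then
  send_test_event "Arc Sentinel test" 5 "host=$(hostname) marker=wth-arc"
fi
```

In Azure Sentinel, events forwarded as CEF are stored in the `CommonSecurityLog` table and plain Syslog events in the `Syslog` table, so search there for the marker string.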
