Merge pull request #277186 from cwatson-cat/patch-36

Jill Grant · web-flow · commit 91f13f8fbb4a · 2024-06-04T17:14:46.000-06:00
Sentinel connector - Update windows-firewall-events-via-ama.md
diff --git a/articles/sentinel/data-connectors/windows-firewall-events-via-ama.md b/articles/sentinel/data-connectors/windows-firewall-events-via-ama.md
@@ -3,15 +3,22 @@ title: "Windows Firewall Events via AMA (Preview) connector for Microsoft Sentin
 description: "Learn how to install the connector Windows Firewall Events via AMA (Preview) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 05/30/2024
+ms.date: 06/04/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
 ---
 
 # Windows Firewall Events via AMA (Preview) connector for Microsoft Sentinel
 
-Windows Firewall is a Microsoft Windows application that filters information coming to your system from the internet and blocking potentially harmful programs. The firewall software blocks most programs from communicating through the firewall. Customers wishing to stream their Windows Firewall application logs collected from their machines can now use the AMA to stream those logs to the Microsoft Sentinel workspace. For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2228623&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).
+Windows Firewall is a Microsoft Windows application that filters information coming to your system from the internet and blocking potentially harmful programs. The firewall software blocks most programs from communicating through the firewall. To stream your Windows Firewall application logs collected from your machines, use the Azure Monitor agent (AMA) to stream those logs to the Microsoft Sentinel workspace. 
+
+A configured data collection endpoint (DCE) is required to be linked with the data collection rule (DCR) created for the AMA to collect logs. For this connector, a DCE is automatically created in the same region as the workspace. If you already use a DCE stored in the same region, it's possible to change the default created DCE and use your existing one through the API. DCEs can be located in your resources with **SentinelDCE** prefix in the resource name.
+
+For more information, see the following articles:
+
+- [Data collection endpoints in Azure Monitor](/azure/azure-monitor/essentials/data-collection-endpoint-overview)
+- [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2228623&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci)
 
 This is autogenerated content. For changes, contact the solution provider.
 
