articles/sentinel/ama-migrate.md
Lines changed: 1 addition & 2 deletions
@@ -21,8 +21,7 @@ The Log Analytics agent is [retired as of 31 August, 2024](https://azure.microso
21
21
22
22
- Start with the [Azure Monitor documentation](/azure/azure-monitor/agents/azure-monitor-agent-migration), which provides an agent comparison and general information for this migration process. This article provides specific details and differences for Microsoft Sentinel.
23
23
24
-
25
-
## Recommended migration plan
24
+
## Migrate to the Azure Monitor Agent
26
25
27
26
Each organization will have different metrics of success and internal migration processes. This section provides suggested guidance to consider when migrating from the Log Analytics MMA/OMS agent to the AMA, specifically for Microsoft Sentinel.
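Review bot: The new heading `## Migrate to the Azure Monitor Agent` reads as a procedure, but the paragraph directly under it still says the section "provides suggested guidance to consider", so the title and the body now promise different things. Either keep an advisory title or reword that sentence. Renaming the heading also changes its generated anchor, so check for inbound links to the old `#recommended-migration-plan` fragment before merging.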
articles/sentinel/connect-services-api-based.md
Lines changed: 2 additions & 2 deletions
@@ -39,7 +39,7 @@ This article presents information that is common to the group of API-based data
39
39
40
40
41
41
42
-
## Instructions
42
+
## Connect to Microsoft services via API-based connectors
43
43
44
44
1. From the Microsoft Sentinel navigation menu, select **Data connectors**.
45
45
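Review bot: The new heading `## Connect to Microsoft services via API-based connectors` is followed immediately by step 1 with no introductory sentence, while the other renamed sections in this same commit add a lead-in of the form "This procedure describes how to connect to Microsoft Sentinel using ...". Add a matching one-line lead-in here so the connector articles stay consistent, and confirm nothing links to the old `#instructions` anchor.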
@@ -51,7 +51,7 @@ This article presents information that is common to the group of API-based data
51
51
52
52
You can find and query the data for each service using the table names that appear in the section for the service's connector in the [Data connectors reference](data-connectors-reference.md) page.
This section covers prerequisites and general installation instructions for the group of data connectors that use standalone diagnostic settings-based connections.
24
+
To ingest data into Microsoft Sentinel using a standalone, diagnostic settings-based connector, you must have read and write permissions on the Log Analytics workspace enabled for Microsoft Sentinel.
25
25
26
-
### Prerequisites
26
+
To ingest data into Microsoft Sentinel using diagnostic settings-based connectors managed by Azure Policy, you must also have the following prerequisites:
27
27
28
-
To ingest data into Microsoft Sentinel:
28
+
- To use Azure Policy to apply a log streaming policy to your resources, you must have the Owner role for the policy assignment scope.
29
+
30
+
- The following prerequisites, depending on which connector you're using:
29
31
30
-
- You must have read and write permissions on the Microsoft Sentinel workspace.
32
+
|Data connector |Licensing, costs, and other information |
33
+
|---------|---------|
34
+
|**Azure Activity**| This connector now uses the diagnostic settings pipeline. If you're using the legacy method, you must disconnect the existing subscriptions from the legacy method before setting up the new Azure Activity log connector.<br><br>1. From the Microsoft Sentinel navigation menu, select **Data connectors**. From the list of connectors, select **Azure Activity**, and then select the **Open connector page** button on the lower right.<br>2. Under the **Instructions** tab, in the **Configuration** section, in step 1, review the list of your existing subscriptions that are connected to the legacy method, and disconnect them all at once by clicking the **Disconnect All** button below.<br>3. Continue setting up the new connector with the instructions in this section. |
35
+
|**Azure DDoS Protection**|- Configured [Azure DDoS Standard protection plan](../ddos-protection/manage-ddos-protection.md#create-a-ddos-protection-plan).<br>- Configured [virtual network with Azure DDoS Standard enabled](../ddos-protection/manage-ddos-protection.md#enable-for-a-new-virtual-network)<br>- Other charges may apply<br>- The **Status** for Azure DDoS Protection Data Connector changes to **Connected** only when the protected resources are under a DDoS attack.|
36
+
|**Azure Storage Account**|The storage account (parent) resource has within it other (child) resources for each type of storage: files, tables, queues, and blobs. </br>When configuring diagnostics for a storage account, you must select and configure: <br><br>- The parent account resource, exporting the **Transaction** metric.<br>- Each of the child storage-type resources, exporting all the logs and metrics.<br><br>You'll only see the storage types that you actually have defined resources for.|
31
37
32
-
### Instructions
38
+
## Connect via a standalone diagnostic settings-based connector
39
+
40
+
This procedure describes how to connect to Microsoft Sentinel using data connectors that use standalone connections based on diagnostic settings.
33
41
34
42
1. From the Microsoft Sentinel navigation menu, select **Data connectors**.
35
43
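Review bot: In the added **Azure Storage Account** table row, `</br>` is not a valid tag and the rest of the table uses `<br>`; the added line also introduces a space before it ("and blobs. </br>When configuring"). Replace it with `<br>` while this row is being touched. Separately, the added sentence "you must also have the following prerequisites:" is followed by a bullet that begins "The following prerequisites, depending on which connector you're using:", which repeats the same phrase; rewording the bullet to something like "Connector-specific requirements:" would read more cleanly. The first prerequisite states "read and write permissions" on the workspace without naming a role, whereas the policy bullet names Owner, so consider naming the workspace role as well so readers can grant the minimum needed.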
@@ -45,35 +53,17 @@ To ingest data into Microsoft Sentinel:
45
53
46
54
1. In the **Diagnostics settings** screen, enter a name in the **Diagnostic settings name** field.
47
55
48
-
Mark the **Send to Log Analytics** check box. Two new fields will be displayed below it. Choose the relevant **Subscription** and **Log Analytics Workspace** (where Microsoft Sentinel resides).
56
+
Mark the **Send to Log Analytics** check box. Two new fields are displayed below it. Choose the relevant **Subscription** and **Log Analytics Workspace** (where Microsoft Sentinel resides).
49
57
50
58
1. Mark the check boxes of the types of logs and metrics you want to collect. See our recommended choices for each resource type in the section for the resource's connector in the [Data connectors reference](data-connectors-reference.md) page.
51
59
52
60
1. Select **Save** at the top of the screen.
53
61
54
62
For more information, see also [Create diagnostic settings to send Azure Monitor platform logs and metrics to different destinations](/azure/azure-monitor/essentials/diagnostic-settings) in the Azure Monitor documentation.
This section covers prerequisites and general installation instructions for the group of data connectors that use Azure Policy managed diagnostic settings-based connections.
59
-
60
-
### Prerequisites
61
-
62
-
To ingest data into Microsoft Sentinel:
63
-
64
-
- You must have read and write permissions on the Microsoft Sentinel workspace.
65
-
66
-
- To use Azure Policy to apply a log streaming policy to your resources, you must have the Owner role for the policy assignment scope.
67
-
68
-
- Data connector specific requirements:
69
-
70
-
|Data connector |Licensing, costs, and other information |
71
-
|---------|---------|
72
-
|Azure Activity| This connector now uses the diagnostic settings pipeline. If you're using the legacy method, you must disconnect the existing subscriptions from the legacy method before setting up the new Azure Activity log connector.<br><br>1. From the Microsoft Sentinel navigation menu, select **Data connectors**. From the list of connectors, select **Azure Activity**, and then select the **Open connector page** button on the lower right.<br>2. Under the **Instructions** tab, in the **Configuration** section, in step 1, review the list of your existing subscriptions that are connected to the legacy method, and disconnect them all at once by clicking the **Disconnect All** button below.<br>3. Continue setting up the new connector with the instructions in this section. |
73
-
|Azure DDoS Protection|- Configured [Azure DDoS Standard protection plan](../ddos-protection/manage-ddos-protection.md#create-a-ddos-protection-plan).<br>- Configured [virtual network with Azure DDoS Standard enabled](../ddos-protection/manage-ddos-protection.md#enable-for-a-new-virtual-network)<br>- Other charges may apply<br>- The **Status** for Azure DDoS Protection Data Connector changes to **Connected** only when the protected resources are under a DDoS attack.|
74
-
|Azure Storage Account|The storage account (parent) resource has within it other (child) resources for each type of storage: files, tables, queues, and blobs.</br>When configuring diagnostics for a storage account, you must select and configure: <br><br>- The parent account resource, exporting the **Transaction** metric.<br>- Each of the child storage-type resources, exporting all the logs and metrics.<br><br>You will only see the storage types that you actually have defined resources for.|
64
+
## Connect via a diagnostic setting-based connector managed by Azure Policy
75
65
76
-
### Instructions
66
+
This procedure describes how to connect to Microsoft Sentinel using data connectors that use connections that are based on diagnostic settings and are managed by Azure Policy.
77
67
78
68
Connectors of this type use Azure Policy to apply a single diagnostic settings configuration to a collection of resources of a single type, defined as a scope. You can see the log types ingested from a given resource type on the left side of the connector page for that resource, under **Data types**.
79
69
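Review bot: The new heading `## Connect via a diagnostic setting-based connector managed by Azure Policy` uses the singular "diagnostic setting-based", while the sibling heading added in this commit and the surrounding text use "diagnostic settings-based". Use one form throughout, since the heading text also determines the section anchor that other articles will link to.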
@@ -83,27 +73,27 @@ Connectors of this type use Azure Policy to apply a single diagnostic settings c
83
73
84
74
1. In the **Configuration** section of the connector page, expand any expanders you see there and select the **Launch Azure Policy Assignment wizard** button.
85
75
86
-
The policy assignment wizard opens, ready to create a new policy, with a policy name pre-populated.
76
+
The policy assignment wizard opens, ready to create a new policy, with a policy name prepopulated.
87
77
88
78
1. In the **Basics** tab, select the button with the three dots under **Scope** to choose your subscription (and, optionally, a resource group). You can also add a description.
89
79
90
80
1. In the **Parameters** tab:
91
81
- Clear the **Only show parameters that require input** check box.
92
82
- If you see **Effect** and **Setting name** fields, leave them as is.
93
83
- Choose your Microsoft Sentinel workspace from the **Log Analytics workspace** drop-down list.
94
-
- The remaining drop-down fields represent the available diagnostic log types. Leave marked as “True” all the log types you want to ingest.
84
+
- The remaining drop-down fields represent the available diagnostic log types. Leave marked as *True* all the log types you want to ingest.
95
85
96
86
1. The policy will be applied to resources added in the future. To apply the policy on your existing resources as well, select the **Remediation** tab and mark the **Create a remediation task** check box.
97
87
98
88
1. In the **Review + create** tab, click **Create**. Your policy is now assigned to the scope you chose.
99
89
100
-
With this type of data connector, the connectivity status indicators (a color stripe in the data connectors gallery and connection icons next to the data type names) will show as *connected* (green) only if data has been ingested at some point in the past 14 days. Once 14 days have passed with no data ingestion, the connector will show as being disconnected. The moment more data comes through, the *connected* status will return.
90
+
With this type of data connector, the connectivity status indicators (a color stripe in the data connectors gallery and connection icons next to the data type names) shows as *connected* (green) only if data has been ingested at some point in the past 14 days. Once 14 days have passed with no data ingestion, the connector shows as being disconnected. The moment more data comes through, the *connected* status returns.
101
91
102
92
You can find and query the data for each resource type using the table name that appears in the section for the resource's connector in the [Data connectors reference](data-connectors-reference.md) page. For more information, see [Create diagnostic settings to send Azure Monitor platform logs and metrics to different destinations](/azure/azure-monitor/essentials/diagnostic-settings?tabs=CMD) in the Azure Monitor documentation.
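Review bot: The rewritten status paragraph has a subject-verb mismatch: "the connectivity status indicators (...) shows as *connected*" should be "show as *connected*", because the tense change dropped "will" without adjusting the verb for the plural subject. The same hunk leaves "The policy will be applied to resources added in the future" in future tense, so if the goal is present tense throughout, that step should be updated too.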