In this challenge, we will integrate your Azure Arc connected machines with Azure Sentinel. After completing the previous challenges, you should now have an Azure subscription with one or more Azure Arc managed servers. You should also have an available Log Analytics workspace and have deployed the Log Analytics agent to your server(s).
- Enable Azure Sentinel on your Azure Arc connected machines by configuring the Log Analytics agent to forward events, such as Common Event Format (CEF) or Syslog, to Azure Sentinel.
- From Azure Sentinel, view collected events from your Azure Arc connected machine.
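
One way to check the result of both steps from the Logs blade is the query below. It is an added example, not part of the original challenge material, and it assumes the workspace uses the standard `Heartbeat`, `Syslog` and `CommonSecurityLog` tables and that the agent reports the same `Computer` name in each. It lists every Azure Arc connected machine that sent a heartbeat in the last hour and shows whether Syslog or CEF events are arriving from it.

```kusto
// Added example: per-machine ingestion check for Azure Arc connected servers.
// Assumption: the one-hour lookback is an arbitrary value chosen for this example.
let lookback = 1h;
// Arc machines are identified by their resource ID (Microsoft.HybridCompute/machines).
let arcMachines =
    Heartbeat
    | where TimeGenerated > ago(lookback)
    | where _ResourceId contains "/providers/microsoft.hybridcompute/machines/"
    | summarize LastHeartbeat = max(TimeGenerated) by Computer, OSType;
// Syslog events collected by the agent on each machine.
let syslogEvents =
    Syslog
    | where TimeGenerated > ago(lookback)
    | summarize SyslogCount = count(), LastSyslog = max(TimeGenerated) by Computer;
// CEF events; Computer here is the machine running the agent that received them.
let cefEvents =
    CommonSecurityLog
    | where TimeGenerated > ago(lookback)
    | summarize CefCount = count(), LastCef = max(TimeGenerated) by Computer;
arcMachines
| join kind=leftouter syslogEvents on Computer
| join kind=leftouter cefEvents on Computer
| project Computer, OSType, LastHeartbeat,
          SyslogCount = coalesce(SyslogCount, 0), LastSyslog,
          CefCount = coalesce(CefCount, 0), LastCef
// A machine with a heartbeat but no events has an agent that is connected
// but not yet configured to forward Syslog or CEF.
| extend Status = iff(SyslogCount + CefCount == 0,
                      "heartbeat only, no events", "events arriving")
| order by Status desc, Computer asc
```

Machines listed as "heartbeat only, no events" are the ones where the forwarding configuration from the first step still needs attention.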