πŸ” [NEW BLOG] #MicrosoftSentinel allows you to stream, and filter #Windows #Firewall application logs collected from machines and servers using the new #WindowsFirewall via #AzureMonitorAgent to the "ASimNetworkSessionLogs" normalized schema table. ❓ One question we are frequently asked is whether we can use the #WindowsForwardedEvents solution using #AMA to collect Windows Firewall Events to be forwarded to a Windows Event Collector machine, similar to collecting Windows #SecurityEvent logs instead of individually loading the AMA agent on each server. πŸ€™ The short answer is YES! πŸŽ‰ πŸš€ This guide will describe all the steps to configure and collect #WindowsFirewall Events from servers, send them to #Microsoft #Sentinel using the Windows Forwarded Events #WEF solution, and get them ingested into the "ASimNetworkSessionLogs" normalized table using ingestion-time data transformation. πŸ”₯ This approach would not require installing and managing the #AMA on each machine but to keep collecting from a central server with outbound connectivity. Learn more! πŸ‘‡πŸ‘‡πŸ‘‡ charbelnemnom.com/collect-wi… #MicrosoftSecurity #SIEM #SOAR #NetworkSecurity #AzureSecurity
