Azure Monitor Agent (AMA)

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Methods Index

---

The Azure Monitor Agent (AMA) is the recommended agent for collecting logs from Azure VMs, on-premises servers, and multi-cloud environments. It replaces the legacy Log Analytics agent (MMA) and provides improved performance, security, and manageability.

Documentation

• 📖 Azure Monitor Agent overview
• 📖 Install and manage the Azure Monitor Agent
• 📖 Connect via Windows agent-based connectors
• 📖 Migrate to Azure Monitor Agent from Log Analytics agent
• 📖 AMA migration for Microsoft Sentinel
• 📖 Data collection rules in Azure Monitor
• 📖 CEF and Syslog via AMA overview
• 📖 Connect CEF and Syslog via AMA
• 📖 Device configuration for CEF via AMA
• 📖 Syslog device configuration
• 📖 Troubleshoot CEF and Syslog via AMA
• 📖 Collect logs from text files via AMA
• 📖 Custom logs device configuration
• 📖 DNS via AMA

Statistics

Metric	Count
Total Connectors	166
Active	36
Deprecated 🚫	122
Unpublished ⚠️	8

Connectors Using This Method

Active Connectors

Connector	Publisher	Tables	Solution
Microsoft Active-Directory Domain Controllers Security Event Logs	Microsoft	1	Microsoft Exchange Security - Exchange On-Premises
[Recommended] Infoblox Cloud Data Connector via AMA	Infoblox	1	Infoblox
[Recommended] Infoblox SOC Insight Data Connector via AMA	Infoblox	1	Infoblox
[Recommended] Vectra AI Stream via AMA	Vectra AI	17	Vectra AI Stream
AI Vectra Stream via Legacy Agent 🔶	Vectra AI	1	Vectra AI Stream
Alsid for Active Directory ⚠️	Alsid	1	Alsid For AD
Automated Logic WebCTRL	AutomatedLogic	1	ALC-WebCTRL
Cisco ASA via Legacy Agent ⚠️ ➕	Cisco	1	CiscoASA
Cisco ASA/FTD via AMA ➕	Microsoft	2	CiscoASA
Cisco Software Defined WAN 🔶	Cisco	2	Cisco SD-WAN
Claroty xDome	Claroty	1	Claroty xDome
Common Event Format (CEF) ➕	Any	1	Common Event Format
Common Event Format (CEF) via AMA ➕	Microsoft	1	Common Event Format
CTERA Syslog	CTERA Networks Ltd	1	CTERA
Custom logs via AMA 🔶	Microsoft	16	CustomLogsAma
Cyborg Security HUNTER Hunt Packages	Cyborg Security	1	Cyborg Security HUNTER
DNS	Microsoft	2	Windows Server DNS
Elastic Agent	Elastic	1	ElasticAgent
Eset Security Management Center ⚠️ 🔶	Eset	1	Eset Security Management Center
Forescout	Forescout	1	Forescout (Legacy)
Fortinet FortiWeb Web Application Firewall via AMA	Microsoft	1	Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel
iboss via AMA ➕	iboss	1	iboss
IIS Logs of Microsoft Exchange Servers	Microsoft	1	Microsoft Exchange Security - Exchange On-Premises
Imperva WAF Gateway ⚠️	Imperva	1	Imperva WAF Gateway
IronNet IronDefense ⚠️	IronNet	1	IronNet IronDefense
Microsoft Exchange Admin Audit Logs by Event Logs	Microsoft	1	Microsoft Exchange Security - Exchange On-Premises
Microsoft Exchange Logs and Events	Microsoft	1	Microsoft Exchange Security - Exchange On-Premises
One Identity Safeguard	One Identity LLC.	1	OneIdentity
Palo Alto Networks Cortex XDR ⚠️	Palo Alto Networks	1	Palo Alto - XDR (Cortex)
Radiflow iSID via AMA	Radiflow	1	Radiflow
Security Events via Legacy Agent ➕	Microsoft	1	Windows Security Events
SecurityBridge Threat Detection for SAP ⚠️ ➕	SecurityBridge	1	SecurityBridge App
Semperis Directory Services Protector	SEMPERIS	1	Semperis Directory Services Protector
Silverfort Admin Console	Silverfort	1	Silverfort
Syslog via AMA	Microsoft	1	Syslog
Syslog via Legacy Agent	Microsoft	1	Syslog
Tenable Identity Exposure	Tenable	2	Tenable App
Tenable.ad ⚠️	Tenable	2	TenableAD
VirtualMetric DataStream for Microsoft Sentinel	VirtualMetric	1	VirtualMetric DataStream
VirtualMetric DataStream for Microsoft Sentinel data lake	VirtualMetric	1	VirtualMetric DataStream
Windows DNS Events via AMA	Microsoft	1	Windows Server DNS
Windows Firewall Events via AMA	Microsoft	1	Windows Firewall
Windows Forwarded Events	Microsoft	1	Windows Forwarded Events
Windows Security Events via AMA ➕	Microsoft	1	Windows Security Events

Deprecated Connectors 🚫

Connector	Publisher	Tables	Solution
🚫 [Deprecated] AI Analyst Darktrace via AMA	Darktrace	1	AI Analyst Darktrace
🚫 [Deprecated] AI Analyst Darktrace via Legacy Agent	Darktrace	1	AI Analyst Darktrace
🚫 [Deprecated] Akamai Security Events via AMA	Akamai	1	Akamai Security Events
🚫 [Deprecated] Akamai Security Events via Legacy Agent	Akamai	1	Akamai Security Events
🚫 [Deprecated] Apache HTTP Server	Apache	1	ApacheHTTPServer
🚫 [Deprecated] Apache Tomcat	Apache	1	Tomcat
🚫 [Deprecated] Aruba ClearPass via AMA	Aruba Networks	1	Aruba ClearPass
🚫 [Deprecated] Aruba ClearPass via Legacy Agent	Aruba Networks	1	Aruba ClearPass
🚫 [Deprecated] Awake Security via Legacy Agent	Arista Networks	1	AristaAwakeSecurity
🚫 [Deprecated] Barracuda CloudGen Firewall	Barracuda	1	Barracuda CloudGen Firewall
🚫 [Deprecated] Barracuda Web Application Firewall via Legacy Agent	Barracuda	3	Barracuda WAF
🚫 [Deprecated] Blackberry CylancePROTECT	Blackberry	1	Blackberry CylancePROTECT
🚫 [Deprecated] Broadcom Symantec DLP via AMA	Broadcom	1	Broadcom SymantecDLP
🚫 [Deprecated] Broadcom Symantec DLP via Legacy Agent	Broadcom	1	Broadcom SymantecDLP
🚫 [Deprecated] Cisco Application Centric Infrastructure	Cisco	1	Cisco ACI
🚫 [Deprecated] Cisco Firepower eStreamer via AMA	Cisco	1	Cisco Firepower EStreamer
🚫 [Deprecated] Cisco Firepower eStreamer via Legacy Agent	Cisco	1	Cisco Firepower EStreamer
🚫 [Deprecated] Cisco Identity Services Engine	Cisco	1	Cisco ISE
🚫 [Deprecated] Cisco Meraki	Cisco	3	CiscoMeraki
🚫 [Deprecated] Cisco Secure Cloud Analytics	Cisco	1	Cisco Secure Cloud Analytics
🚫 [Deprecated] Cisco Secure Email Gateway via AMA	Cisco	1	CiscoSEG
🚫 [Deprecated] Cisco Secure Email Gateway via Legacy Agent	Cisco	1	CiscoSEG
🚫 [Deprecated] Cisco UCS	Cisco	1	Cisco UCS
🚫 [Deprecated] Cisco Web Security Appliance	Cisco	1	CiscoWSA
🚫 [Deprecated] Citrix ADC (former NetScaler)	Citrix	1	Citrix ADC
🚫 [Deprecated] Citrix WAF (Web App Firewall) via AMA	Citrix Systems Inc.	1	Citrix Web App Firewall
🚫 [Deprecated] Citrix WAF (Web App Firewall) via Legacy Agent	Citrix Systems Inc.	1	Citrix Web App Firewall
🚫 [Deprecated] Claroty via AMA	Claroty	1	Claroty
🚫 [Deprecated] Claroty via Legacy Agent	Claroty	1	Claroty
🚫 [Deprecated] Contrast Protect via AMA	Contrast Security	1	Contrast Protect
🚫 [Deprecated] Contrast Protect via Legacy Agent	Contrast Security	1	Contrast Protect
🚫 [Deprecated] CrowdStrike Falcon Endpoint Protection via AMA	CrowdStrike	1	CrowdStrike Falcon Endpoint Protection
🚫 [Deprecated] CrowdStrike Falcon Endpoint Protection via Legacy Agent	CrowdStrike	1	CrowdStrike Falcon Endpoint Protection
🚫 [Deprecated] CyberArk Enterprise Password Vault (EPV) Events via Legacy Agent	Cyber-Ark	1	CyberArk Privilege Access Manager (PAM) Events
🚫 [Deprecated] CyberArk Privilege Access Manager (PAM) Events via AMA	Cyber-Ark	1	CyberArk Privilege Access Manager (PAM) Events
🚫 [Deprecated] Delinea Secret Server via AMA	Delinea, Inc	1	Delinea Secret Server
🚫 [Deprecated] Delinea Secret Server via Legacy Agent	Delinea, Inc	1	Delinea Secret Server
🚫 [Deprecated] Digital Guardian Data Loss Prevention	Digital Guardian	1	Digital Guardian Data Loss Prevention
🚫 [Deprecated] ESET PROTECT	ESET	1	ESETPROTECT
🚫 [Deprecated] Exabeam Advanced Analytics	Exabeam	1	Exabeam Advanced Analytics
🚫 [Deprecated] ExtraHop Reveal(x) via AMA	ExtraHop Networks	1	ExtraHop Reveal(x)
🚫 [Deprecated] ExtraHop Reveal(x) via Legacy Agent	ExtraHop Networks	1	ExtraHop Reveal(x)
🚫 [Deprecated] F5 Networks via AMA	F5 Networks	1	F5 Networks
🚫 [Deprecated] F5 Networks via Legacy Agent	F5 Networks	1	F5 Networks
🚫 [Deprecated] FireEye Network Security (NX) via AMA	FireEye	1	FireEye Network Security
🚫 [Deprecated] FireEye Network Security (NX) via Legacy Agent	FireEye	1	FireEye Network Security
🚫 [Deprecated] Forcepoint CASB via AMA	Forcepoint CASB	1	Forcepoint CASB
🚫 [Deprecated] Forcepoint CASB via Legacy Agent	Forcepoint CASB	1	Forcepoint CASB
🚫 [Deprecated] Forcepoint CSG via AMA	Forcepoint	1	Forcepoint CSG
🚫 [Deprecated] Forcepoint CSG via Legacy Agent	Forcepoint	1	Forcepoint CSG
🚫 [Deprecated] Forcepoint NGFW via AMA	Forcepoint	1	Forcepoint NGFW
🚫 [Deprecated] Forcepoint NGFW via Legacy Agent	Forcepoint	1	Forcepoint NGFW
🚫 [Deprecated] ForgeRock Identity Platform	ForgeRock Inc	1	ForgeRock Common Audit for CEF
🚫 [Deprecated] Fortinet FortiWeb Web Application Firewall via Legacy Agent	Microsoft	1	Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel
🚫 [Deprecated] Fortinet via AMA	Fortinet	1	Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel
🚫 [Deprecated] Fortinet via Legacy Agent	Fortinet	1	Fortinet FortiGate Next-Generation Firewall connector for Microsoft Sentinel
🚫 [Deprecated] GitLab	Microsoft	1	GitLab
🚫 [Deprecated] iboss via Legacy Agent	iboss	1	iboss
🚫 [Deprecated] Illumio Core via AMA	Illumio	1	Illumio Core
🚫 [Deprecated] Illumio Core via Legacy Agent	Illumio	1	Illumio Core
🚫 [Deprecated] Illusive Platform via AMA	illusive	1	Illusive Platform
🚫 [Deprecated] Illusive Platform via Legacy Agent	illusive	1	Illusive Platform
🚫 [Deprecated] Infoblox Cloud Data Connector via Legacy Agent	Infoblox	1	Infoblox Cloud Data Connector
🚫 [Deprecated] Infoblox NIOS	Infoblox	1	Infoblox NIOS
🚫 [Deprecated] Infoblox SOC Insight Data Connector via Legacy Agent	Infoblox	1	Infoblox
🚫 [Deprecated] ISC Bind	ISC	1	ISC Bind
🚫 [Deprecated] Ivanti Unified Endpoint Management	Ivanti	1	Ivanti Unified Endpoint Management
🚫 [Deprecated] JBoss Enterprise Application Platform	Red Hat	1	JBoss
🚫 [Deprecated] Juniper IDP	Juniper	1	JuniperIDP
🚫 [Deprecated] Juniper SRX	Juniper	1	Juniper SRX
🚫 [Deprecated] MarkLogic Audit	MarkLogic	1	MarkLogicAudit
🚫 [Deprecated] McAfee ePolicy Orchestrator (ePO)	McAfee	1	McAfee ePolicy Orchestrator
🚫 [Deprecated] McAfee Network Security Platform	McAfee	1	McAfee Network Security Platform
🚫 [Deprecated] Microsoft Exchange Logs and Events	Microsoft	5	Microsoft Exchange Security - Exchange On-Premises
🚫 [Deprecated] Microsoft Sysmon For Linux	Microsoft	1	Microsoft Sysmon For Linux
🚫 [Deprecated] MongoDB Audit	MongoDB	1	MongoDBAudit
🚫 [Deprecated] Nasuni Edge Appliance	Nasuni	1	Nasuni
🚫 [Deprecated] Netwrix Auditor via AMA	Netwrix	1	Netwrix Auditor
🚫 [Deprecated] Netwrix Auditor via Legacy Agent	Netwrix	1	Netwrix Auditor
🚫 [Deprecated] NGINX HTTP Server	Nginx	1	NGINX HTTP Server
🚫 [Deprecated] Nozomi Networks N2OS via AMA	Nozomi Networks	1	NozomiNetworks
🚫 [Deprecated] Nozomi Networks N2OS via Legacy Agent	Nozomi Networks	1	NozomiNetworks
🚫 [Deprecated] Onapsis Platform	Onapsis	1	Onapsis Platform
🚫 [Deprecated] OpenVPN Server	OpenVPN	1	OpenVPN
🚫 [Deprecated] Oracle Database Audit	Oracle	1	OracleDatabaseAudit
🚫 [Deprecated] Oracle WebLogic Server	Oracle	1	OracleWebLogicServer
🚫 [Deprecated] OSSEC via AMA	OSSEC	1	OSSEC
🚫 [Deprecated] OSSEC via Legacy Agent	OSSEC	1	OSSEC
🚫 [Deprecated] Palo Alto Networks (Firewall) via AMA	Palo Alto Networks	1	PaloAlto-PAN-OS
🚫 [Deprecated] Palo Alto Networks (Firewall) via Legacy Agent	Palo Alto Networks	1	PaloAlto-PAN-OS
🚫 [Deprecated] Palo Alto Networks Cortex Data Lake (CDL) via AMA	Palo Alto Networks	1	PaloAltoCDL
🚫 [Deprecated] Palo Alto Networks Cortex Data Lake (CDL) via Legacy Agent	Palo Alto Networks	1	PaloAltoCDL
🚫 [Deprecated] PingFederate via AMA	Ping Identity	1	PingFederate
🚫 [Deprecated] PingFederate via Legacy Agent	Ping Identity	1	PingFederate
🚫 [Deprecated] PostgreSQL Events	PostgreSQL	1	PostgreSQL
🚫 [Deprecated] Pulse Connect Secure	Pulse Secure	1	Pulse Connect Secure
🚫 [Deprecated] RIDGEBOT - data connector for Microsoft Sentinel	RidgeSecurity	1	RidgeSecurity
🚫 [Deprecated] RSA® SecurID (Authentication Manager)	RSA	1	RSA SecurID
🚫 [Deprecated] SonicWall Firewall via AMA	SonicWall	1	SonicWall Firewall
🚫 [Deprecated] SonicWall Firewall via Legacy Agent	SonicWall	1	SonicWall Firewall
🚫 [Deprecated] Sophos XG Firewall	Sophos	1	Sophos XG Firewall
🚫 [Deprecated] Squid Proxy	Squid	1	SquidProxy
🚫 [Deprecated] Symantec Endpoint Protection	Broadcom	1	Symantec Endpoint Protection
🚫 [Deprecated] Symantec ProxySG	Symantec	1	SymantecProxySG
🚫 [Deprecated] Symantec VIP	Symantec	1	Symantec VIP
🚫 [Deprecated] Trend Micro Apex One via AMA	Trend Micro	1	Trend Micro Apex One
🚫 [Deprecated] Trend Micro Apex One via Legacy Agent	Trend Micro	1	Trend Micro Apex One
🚫 [Deprecated] Trend Micro Deep Security via Legacy	Trend Micro	1	Trend Micro Deep Security
🚫 [Deprecated] Trend Micro TippingPoint via Legacy	Trend Micro	1	Trend Micro TippingPoint
🚫 [Deprecated] Ubiquiti UniFi	Ubiquiti	1	Ubiquiti UniFi
🚫 [Deprecated] vArmour Application Controller via AMA	vArmour	1	vArmour Application Controller
🚫 [Deprecated] vArmour Application Controller via Legacy Agent	vArmour	1	vArmour Application Controller
🚫 [Deprecated] Vectra AI Detect via AMA	Vectra AI	1	Vectra AI Detect
🚫 [Deprecated] Vectra AI Detect via Legacy Agent	Vectra AI	1	Vectra AI Detect
🚫 [Deprecated] VMware ESXi	VMWare	1	VMWareESXi
🚫 [Deprecated] VMware vCenter	VMware	1	VMware vCenter
🚫 [Deprecated] Votiro Sanitization Engine Logs	Votiro	1	Votiro
🚫 [Deprecated] WatchGuard Firebox	WatchGuard Technologies	1	Watchguard Firebox
🚫 [Deprecated] WireX Network Forensics Platform via AMA	WireX_Systems	1	WireX Network Forensics Platform
🚫 [Deprecated] WireX Network Forensics Platform via Legacy Agent	WireX_Systems	1	WireX Network Forensics Platform
🚫 [Deprecated] WithSecure Elements via Connector	WithSecure	1	WithSecureElementsViaConnector
🚫 [Deprecated] Zscaler Private Access	Zscaler	1	Zscaler Private Access (ZPA)

---

🚫 Deprecated: This connector has been deprecated and may be removed in future versions.

⚠️ Unpublished: This item is from a solution that is not yet published on Azure Marketplace or not installed in Content Hub.

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Methods Index