| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com |
| Categories | domains |
| Version | 3.0.0 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2022-05-02 |
| Last Updated | 2025-12-14 |
| Solution Folder | Windows Forwarded Events |
| Marketplace | Azure Marketplace · Popularity: 🔵 Medium (69%) |
The Windows Forwarded Events solution allows you to ingest all Windows Event Forwarding (WEF) logs from the Windows servers connected to your Microsoft Sentinel workspace, using the Azure Monitor Agent (AMA).
Underlying Microsoft technologies used:
This solution depends on the following technologies; some of these dependencies may be in Preview state or may incur additional ingestion or operational costs:
a. Agent-based log collection from Windows and Linux machines
This solution provides 1 data connector(s):
This solution uses 2 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| Event | - | Analytics |
| WindowsEvent | Windows Forwarded Events | Analytics |
This solution includes 4 content item(s) (2 in solution, 2 discovered 🔍):
| Content Type | Total | In Solution | Discovered |
|---|---|---|---|
| Analytic Rules | 4 | 2 | 2 |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Caramel Tsunami Actor IOC - July 2021 | High | Persistence | WindowsEvent |
| Chia_Crypto_Mining IOC - June 2021 | Low | Impact | WindowsEvent |
| Progress MOVEIt File transfer above threshold ⚠️ | Medium | Exfiltration | Event |
| Progress MOVEIt File transfer folder count above threshold ⚠️ | Medium | Exfiltration | Event |
⚠️ Items marked with ⚠️ are not listed in the solution JSON file. They were discovered by scanning the solution folder and may be legacy items, items under development, or items excluded from the official solution package.
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 10-04-2024 | Updated entity mappings of Analytical Rule |