Windows Firewall
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com |
| Categories | domains |
| Version | 3.0.3 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2022-05-02 |
| Solution Folder | Windows Firewall |
| Marketplace | Azure Marketplace · Popularity: 🔵 Medium (71%) |
The Windows Firewall solution for Microsoft Sentinel allows you to ingest Windows Firewall Events into Microsoft Sentinel using the Log Analytics agent for Windows.
Installing this solution will deploy two data connectors,
- Windows Firewall Events via AMA - This data connector helps in ingesting Windows Firewall Events into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent here. Microsoft recommends using this Data Connector
- Windows Firewall - This solution installs the data connector to ingest Windows Firewall events using the Windows Firewall solution for Azure. After installing the solution, configure and enable this data connector by following guidance in Manage solution view.
**NOTE**: Microsoft recommends Installation of Windows Firewall via AMA. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported.
Underlying Microsoft Technologies used:
This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
a. Agent based logs collection from Windows and Linux machines
Contents
Data Connectors
This solution provides 1 data connector(s) (plus 1 discovered⚠️):
🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.
Tables Used
This solution uses 5 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
ASimNetworkSessionLogs |
Windows Firewall Events via AMA | - |
Heartbeat |
- | Workbooks |
SecurityEvent |
- | Workbooks |
SigninLogs |
- | Workbooks |
WindowsFirewall |
Windows Firewall | Workbooks |
Content Items
This solution includes 1 content item(s):
| Content Type | Count |
|---|---|
| Workbooks | 1 |
Workbooks
| Name | Tables Used |
|---|---|
| WindowsFirewall | HeartbeatSecurityEventSigninLogsWindowsFirewall |
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.3 | 16-07-2025 | Changed Data Connector template_WindowsFirewallAma.json to GA |
| 3.0.2 | 07-06-2024 | Changed Data Connector description template_WindowsFirewallAma.json |
| 3.0.1 | 27-10-2023 | New Data Connector added WindowsFirewallAma |
| 3.0.0 | 19-07-2023 | Initial Solution Release |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊