Microsoft Exchange Message Tracking Logs connector for Microsoft Sentinel
[Option 6] - Using Azure Monitor Agent - You can stream all Exchange Message Tracking logs from the Windows machines connected to your Microsoft Sentinel workspace using the Windows agent. These logs can be used to track the flow of messages in your Exchange environment. This data connector is based on option 6 of the Microsoft Exchange Security wiki.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | MessageTrackingLog_CL |
Data collection rules support | Not currently supported |
Supported by | Community |
Query samples
Exchange Message Tracking logs
MessageTrackingLog_CL
| sort by TimeGenerated
Prerequisites
To integrate with Microsoft Exchange Message Tracking Logs make sure you have:
- Azure Log Analytics will be deprecated: to collect data from non-Azure VMs, Azure Arc is recommended.
- Detailed documentation: NOTE: Detailed documentation on the installation procedure and usage can be found here
Vendor installation instructions
Note
This solution is based on options. This allows you to choose which data will be ingested, as some options can generate a very high volume of data. Depending on what you want to collect and track in your Workbooks, Analytics Rules, and Hunting capabilities, you will choose the option(s) to deploy. Each option is independent of the others. To learn more about each option: 'Microsoft Exchange Security' wiki
This data connector is option 6 of the wiki.
- Download and install the agents needed to collect logs for Microsoft Sentinel
The type of servers (Exchange Servers, Domain Controllers linked to Exchange Servers or all Domain Controllers) depends on the option you want to deploy.
- Message Tracking of Exchange Servers
Select how to stream Message Tracking of Exchange Servers
Next steps
For more information, go to the related solution in the Azure Marketplace.