Exercise 03: Validate the Sentinel Deployment

Sara Adeniyi 0 Reputation points
2024-12-14T21:13:48.0266667+00:00

When attempting to work on LAB-03 - Windows Security Events using AMA >> Create Data collection >> Resources >>, there is no list of machines to select from. Take a look at the attached images.


1 answer

  1. Ashok Gandhi Kotnana 1,585 Reputation points Microsoft Vendor
    2024-12-27T16:15:04.3833333+00:00

    Hi @Sara Adeniyi ,

    Welcome to Microsoft Q&A Forum, thank you for posting your query here!

    For DCR creation, we first need the following permissions.

    Please refer to the below doc.
    Create data collection rules (DCRs) in Azure Monitor - Azure Monitor | Microsoft Learn

    And make sure the VMs are created and chosen from the same RG that was selected while creating the DCR.

    The VMs may not be showing in the resources for different reasons; anyway, it seems that the Azure virtual machine (VM) might not have the required diagnostic settings enabled. To add an Azure virtual machine (VM) to a Data Collection Rule (DCR), the VM must have the required diagnostic settings enabled.

    You can follow the below steps to enable diagnostic settings for the Azure virtual machine (VM):

    1. Go to the Azure portal and navigate to the virtual machine (VM) that you want to add to the DCR.

    2. Click on "Diagnostic settings" under the Monitoring section.

    3. Click on "Add diagnostic setting" and provide a name for the diagnostic setting.

    4. Select the required diagnostic logs and metrics that you want to collect.

    5. Select the destination as "Log Analytics workspace" and choose the workspace that you have configured in the DCR.

    6. Click on "Save" to save the diagnostic settings.

    Once the diagnostic settings are enabled for the Azure virtual machine (VM), you can try adding it to the DCR again.

    Let us know if you have any further queries. I'm happy to assist you further.

    Please do not forget to "Accept the answer" wherever the information provided helps you; this can be beneficial to other community members.

