New Contributor

Hi everyone.

How to add 'Microsoft-Windows-Sysmon' events to table 'SysmonEvent'?

I've try to setup it in my env w/ Win10, but Sysmon logs collected to 'Events' table only.

What I did wrong?


- Azure Sentinel instance
- Data collector Security Events - Minimal.
Advanced settings: 
    * Connected Sources Windows Agent (64 bit) installed on Win10
    * Data Windows events 'Microsoft-Windows-Sysmon/Operational'