Azure Security Center Logging via AMA Agent vs. MMA


I would like to separate performance and diagnostic data from security data. With the MMA it is only possible to send to one Log Analytics workspace, and it has no capability to separate data. With MMA you can restrict access to the relevant tables; tables like SecurityEvent can only be distinguished via access rights in RBAC, and you can handle retention time individually via rules. However, due to compliance requirements, you often want to define separate log targets from scratch in order to handle them independently of each other. So the requirement is to end up with two separate LAWs. For this I found the new Azure Monitor Agent, which allows sending data to two different LAWs via Data Collection Rules and thus enables data separation. Now I have the question, from a Security Center point of view, whether I can do without the classic MMA agent on the machines or whether I still need it for Defender and co. on the machines?

Kind Regards

Sebastian
