This installment is part of a broader series to keep you up to date with the latest features in Azure Sentinel. The installments will be bite-sized to enable you to easily digest the new content.
Note: The Log Analytics agent is sometimes referred to as the OMS Agent or the Microsoft Monitoring Agent (MMA).
We’ve made some improvements to the Log Analytics agent that will make it even easier and flexible for you to use across a wider range of platforms.
If you’re unfamiliar with this product, the Azure Log Analytics agent collects telemetry from Windows and Linux virtual machines in any cloud, on-premises machines, and those monitored by System Center Operations Manager and sends it collected data to your Log Analytics workspace. You can read more about it here. You can also read the release notes for the agent here.
In Azure Sentinel, it can be used to facilitate the sending of the following events to your workspace:
- Windows Security events
- Syslog
- Common Event Format (CEF) logs
- Windows Firewall logs
- DNS logs
- IIS logs
- Network connections
Support for new operating systems
The Log Analytics agent can now be installed on an even wider range of Linux distros. We recently added support for:
- CentOS 8
- RedHat 8
- SUSE Linux 15
Click here to see the full list of supported OSs.
Support for Python 3
Probably even more anticipated then our expanded OS support, we are happy to announce that starting from Agent version 1.13.27, the Linux Log Analytics Agent will support both Python 2 and 3. This means that customers now have the option to use whatever Python version they prefer (or whatever comes by default on their machine). This works both for a direct install of the agent and when installing as part of the CEF log forwarder.
Get started today!
Try out the new connector and let us know your feedback using any of the channels listed in the Resources.
You can also contribute new connectors, workbooks, analytics and more in Azure Sentinel. Get started now by joining the Azure Sentinel Threat Hunters GitHub community and follow the guidance.
With thanks to @Jeremy Tan, @Chi_Nguyen and @Ofer_Shezaf for their inputs on this blog post.
