Azure-Sentinel/Tools/DCRs Library/MDE Network Protection Logs
v-atulyadav 637eaa2bd0 Update readme 2023-07-07 12:48:49 +05:30


Data Collection Rule for MDE Network protection events

Deploy To Azure

This template creates a data collection rule (DCR) that defines the data source (Windows event logs, collected by the Azure Monitor Agent) and the destination Log Analytics workspace. The rule collects Microsoft Defender Antivirus events for Network Protection from the Microsoft-Windows-Windows Defender/Operational channel: Event ID 5007 (Defender Antivirus settings changed), 1125 (network connection audited, i.e. Network Protection running in audit mode) and 1126 (network connection blocked). The collected events land in the workspace's Event table.
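The following is an added example, not the azuredeploy.json shipped in the DCRs Library: it builds, in Python, the same kind of DCR resource body the template deploys (a windowsEventLogs data source with an xPath query for the three event IDs, a Log Analytics destination, and the data flow joining them), and produces the KQL a practitioner would run afterwards to confirm the events arrive. The resource name, location, workspace resource ID and the data-source/destination names are placeholder assumptions.

```python
"""Build a Windows-event DCR body for MDE Network Protection events.

Added example; the resource name, location and workspace ID used here are
placeholders, not values from the DCRs Library template.
"""
import json
import re

# Channel Microsoft Defender Antivirus writes Network Protection events to.
DEFENDER_CHANNEL = "Microsoft-Windows-Windows Defender/Operational"

# Event IDs covered by the rule and what each one means.
NETWORK_PROTECTION_EVENTS = {
    5007: "Defender Antivirus settings changed",
    1125: "network connection audited (audit mode)",
    1126: "network connection blocked (block mode)",
}

# Placeholder workspace resource ID (assumed, not a real workspace).
WORKSPACE_ID = (
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
    "rg-sentinel/providers/Microsoft.OperationalInsights/workspaces/law-sentinel"
)

_WORKSPACE_ID_RE = re.compile(
    r"/subscriptions/[^/]+/resourceGroups/[^/]+/providers/"
    r"Microsoft\.OperationalInsights/workspaces/[^/]+"
)


def build_xpath_query(channel, event_ids):
    """Return a DCR xPathQuery string in the '<channel>!<xpath>' form.

    The XPath is evaluated against each event's <System> element, so the
    filter selects only the listed Event IDs from that channel.
    """
    ids = sorted({int(i) for i in event_ids})
    if not ids:
        raise ValueError("at least one event ID is required")
    predicate = " or ".join(f"EventID={i}" for i in ids)
    return f"{channel}!*[System[({predicate})]]"


def build_dcr(name, location, workspace_resource_id, event_ids):
    """Return an ARM resource object for a DCR that forwards the given
    Windows events to a Log Analytics workspace (Event table)."""
    if not _WORKSPACE_ID_RE.fullmatch(workspace_resource_id):
        raise ValueError("not a Log Analytics workspace resource ID")
    return {
        "type": "Microsoft.Insights/dataCollectionRules",
        "apiVersion": "2022-06-01",
        "name": name,
        "location": location,
        "properties": {
            "dataSources": {
                "windowsEventLogs": [
                    {
                        "name": "mdeNetworkProtectionEvents",  # assumed name
                        "streams": ["Microsoft-Event"],
                        "xPathQueries": [build_xpath_query(DEFENDER_CHANNEL, event_ids)],
                    }
                ]
            },
            "destinations": {
                "logAnalytics": [
                    {"name": "sentinelWorkspace",  # assumed name
                     "workspaceResourceId": workspace_resource_id}
                ]
            },
            "dataFlows": [
                {"streams": ["Microsoft-Event"], "destinations": ["sentinelWorkspace"]}
            ],
        },
    }


def kql_for_events(event_ids):
    """KQL to verify the events reach the workspace's Event table."""
    ids = ", ".join(str(i) for i in sorted({int(i) for i in event_ids}))
    return (
        "Event\n"
        f'| where EventLog == "{DEFENDER_CHANNEL}"\n'
        f"| where EventID in ({ids})\n"
        "| project TimeGenerated, Computer, EventID, RenderedDescription"
    )


if __name__ == "__main__":
    dcr = build_dcr("dcr-mde-network-protection", "eastus",
                    WORKSPACE_ID, NETWORK_PROTECTION_EVENTS)
    print(json.dumps(dcr, indent=2))
    print(kql_for_events(NETWORK_PROTECTION_EVENTS))
```

The xPath string is the part worth checking before deployment: the same XPath (without the channel prefix) can be tried on a test machine with Get-WinEvent -LogName and -FilterXPath to confirm it matches the expected events. The KQL is the post-deployment check; if it returns nothing after the agent has had time to send, look first at whether the machine is associated with the rule.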

Prerequisites

An existing Log Analytics workspace; its resource ID is the input parameter of the deployment. The rule on its own collects nothing: each Windows machine that should send these events needs the Azure Monitor Agent installed and a data collection rule association (DCRA) linking it to this rule.

Notes

For more information on data collection rules, please visit:

Tags: DCR, DCRA, Monitor, data collection, data collection rule, azure monitor, MDE, Network Protection