![]() ![]() Scaling out a VMSS can be done automatically based on resource consumption: CPU, disk space, and memory consumption. ![]() ![]() The network rules for the VMSS will need to be configured to allow traffic to come in via the required ports for forwarding. The scale set will leverage the AMA extension specifically for VMSS. If using an Azure hosted VMSS, these devices will replace individual forwarders. Load Balancer and VMSS in Azure - RECOMMENDED For Windows Event Forwarding, please refer to Find your Microsoft Sentinel data connector | Microsoft Learn.For CEF ingestion, please refer to Stream CEF logs to Microsoft Sentinel with the AMA connector | Microsoft Learn.For Syslog ingestion, please refer to Forward syslog data to Microsoft Sentinel and Azure Monitor by using the Azure Monitor agent | Micro.For additional information on how AMA handles different log sources: AMA enables the usage of features that the Microsoft Monitoring Agent(MMA) provides and newer features such as ingestion time transformation, multi-homing, and more through the use of data collection rules (DCR) and data collection endpoints (DCE). Non-Azure: All components reside outside of Azure.Įach scenario above leverages the Azure Monitor Agent(AMA).Hybrid: One component resides outside of Azure.Azure based: Components for collection reside within the Azure platform.The architectures can be categorized into 3 main scenarios: This blog will provide a high-level overview of potential architecture designs that can be used to achieve a high availability, scalable ingestion pipeline. The main components that will be covered in the designs will be: **Thank you to the Microsoft Sentinel C圎 team, Jeff Wolford, and the assistance with this document.** ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |