SC-200 - Manage a Security Operations Environment - Section 1.5
Select and configure Microsoft Sentinel data connectors for Windows security events, Syslog, and CEF.
Select the appropriate Microsoft Sentinel data connector for Windows Security Events via AMA, Syslog via AMA, or Common Event Format (CEF) via AMA, and configure data collection rules (DCR) to filter which event fields are forwarded. Recognise when Windows Event Forwarding (WEF) is the right collection path and how it differs from direct AMA-based ingestion.
data connector selection, Windows Security Events via AMA, data collection rules (DCR), Windows Event Forwarding (WEF), Syslog via AMA, Common Event Format (CEF) via AMA
Examworthy is not affiliated with or endorsed by Microsoft. Original, blueprint-aligned practice material only.