Closed mmkmur closed 2 years ago
Hi @mmkmur are you referring to Microsoft Defender for Servers monitoring dashboard ?
Thanks for getting back . Yes, exactly. Here, I see the workspace being reported is on the basis of where the MMA is pointing to.
In my case, we have both agents side by side and AMA is tasked to collect the SecurityEvents and is pointing to a 'X' workspace. But since the existing machines have MMA by default the workbook reports as if these machines are reporting to 'Y' workspace. I would like to know how I can modify the resource graph query to include the 'AMA' workspace status.
Not sure if I was able to articulate the question well. Thanks
From: ShaykeAmar @.> Sent: Sunday, December 19, 2021 1:49 PM To: Azure/Microsoft-Defender-for-Cloud @.> Cc: MKrish @.>; Mention @.> Subject: Re: [Azure/Microsoft-Defender-for-Cloud] Extend support for AMA agent in the workbook. (Issue #502)
Hi @mmkmurhttps://github.com/mmkmur are you referring to Microsoft Defender for Servers monitoring dashboardhttps://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Workbooks/Defender%20for%20Servers%20Monitoring ?
— Reply to this email directly, view it on GitHubhttps://github.com/Azure/Microsoft-Defender-for-Cloud/issues/502#issuecomment-997348775, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AUBO5EPZPQ7YWN7QQYH23VTURWIR5ANCNFSM5KKYO3EQ. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. You are receiving this because you were mentioned.Message ID: @.***>
Thanks for the clarification @mmkmur, adding @TomJanetscheck for awareness.
Thanks @ShaykeAmar for adding me.
Hi @mmkmur, The workbook has been created to provide awareness of (mis)configuration within the scope of Defender for Cloud. Since Defender for Cloud leverages the Log Analytics agent only, not the AMA, AMA connection information is not part of the workbook. For Defender for Servers and Defender for SQL on machines to work correctly, it's mandatory to enable these plans on both, the subscription and the Log Analytics workspace the LA agent on a machine is connected to.
Many customers are previewing defender for cloud using AMA in the private preview
Could you please extend the support for AMA as well for this workbook? We have AMAs deployed side by side, but the workbook is identifying only the workspace where the MMA is sending heartbeat to.