1 |
2 |
4 |
5 |
Click Next to select the events to forward based on subsystem and event date. Once the subscription is created the starting event date and time cannot be changed. |
• |
By default, events start sending after the subscription is created. To change when to begin sending events, click Send events starting from and select the desired date and time. |
6 |
Click Finish. |
1 |
1 |
5 |
Click Finish. |
1 |
1 |
The unique identifier for the Log Analytics workspace that has been enabled for Microsoft Sentinel. | |||
| |||
Specifies whether the subscription is enabled or disabled. By default it is enabled. | |||
Example: Create a subscription to send all subsystems event data to Microsoft Sentinel
Use this command to see the details of the current Microsoft Sentinel subscriptions.
Example: Get a list of all Microsoft Sentinel subscriptions
Get-CASentinelEventSubscriptions -Connection $connection
The command returns the following information.
Use this command to modify a Microsoft Sentinel subscription
The ID of the subscription to modify. This parameter is required if the Subscription parameter is not specified. Use the Get-CASentinelEventSubscriptions command to find the ID. | |||
| |||
The unique identifier for the Log Analytics workspace that has been enabled for Microsoft Sentinel. | |||
Example: Set a new batch size value for a Microsoft Sentinel subscription
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center