How to capture Windows Security event logs in Log Analytics?

  • Question

  • Hi,

    I notice in Log Analytics workspace, I can go to Advanced Settings > Data > Windows Event Logs, and then tell it to collect Windows' Application logs and System logs. However, when trying to add the Windows Security logs, it seems there is no way to add it just like Application and System logs. Do I have to add all the possible security related logs manually?

    Thanks,



    Tuesday, May 19, 2020 11:18 PM

All replies

  • Hi AZLearner,

    Depending on your requirements, collection of security events from your Windows VMs or physical Windows systems is provided with Azure Sentinel or Azure Security Center (using the Security & Audit solution that's included in the standard tier of Azure Security Center).
    Tuesday, May 26, 2020 4:02 AM
  • Thanks, KrishnaG. 

    I have Security Standard for my subscriptions but I don't see "Security & Audit" solution available under "security solutions" in Azure Security Center.

    On the other hand, can these security audit events at the Windows level be available in Azure Monitor as well?

    There are so many names/solutions and it's not straightforward to figure out which one is capable of collecting the Windows security events.

    Thanks,

    Thursday, May 28, 2020 1:07 AM