Windows defender logs

cara_es · October 6, 2023, 10:30am

Hi.
How can i get logs from windows defender to Elasticsearch

the log are in EventViewer -> Applications and Services Logs
Microsoft - Windows - Windows Defender - Operational

Kind regards
Carsten

cara_es · October 6, 2023, 10:32am

Forgot to write i use version 8.8.1 and the servers are on-premises

wsouza · October 9, 2023, 2:29pm

Hi, you need to create a policy and add the Custom Windows event logs integration. And enter the Microsoft-Windows-Windows Defender/Operational channel to collect the logs you want.

You can get a list of available event log channels by running Get-WinEvent -ListLog * | Format-List -Property LogName in PowerShell on Windows Vista or newer. If Get-WinEvent is not available, Get-EventLog * may be used.

cara_es · October 11, 2023, 1:59pm

Thanks.
( i hasn't seen that integration )

Regards Carsten

system · November 8, 2023, 1:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help with collecting Custom Windows Event Logs with Elastic Agent Logs	1	1466	February 18, 2022
Get Windows Defender logs in Logstash using Winlogbeat Beats winlogbeat	2	1074	September 14, 2021
Integrate Microsoft Defender with Elastic Elastic Security	3	225	April 24, 2024
Elastic Agent Custom Windows Event Logs Beats winlogbeat	5	3143	June 15, 2022
Elastic Agent Issues Sending Logs - How much longer we need to wait? Beats elastic-agent	2	426	October 13, 2021

Windows defender logs

Related Topics