Windows defender logs

cara_es · October 6, 2023, 10:30am

Hi.
How can i get logs from windows defender to Elasticsearch

the log are in EventViewer -> Applications and Services Logs
Microsoft - Windows - Windows Defender - Operational

Kind regards
Carsten

cara_es · October 6, 2023, 10:32am

Forgot to write i use version 8.8.1 and the servers are on-premises

wsouza · October 9, 2023, 2:29pm

Hi, you need to create a policy and add the Custom Windows event logs integration. And enter the Microsoft-Windows-Windows Defender/Operational channel to collect the logs you want.

You can get a list of available event log channels by running Get-WinEvent -ListLog * | Format-List -Property LogName in PowerShell on Windows Vista or newer. If Get-WinEvent is not available, Get-EventLog * may be used.

cara_es · October 11, 2023, 1:59pm

Thanks.
( i hasn't seen that integration )

Regards Carsten

system · November 8, 2023, 1:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat doesnt send windows defender events Beats winlogbeat	3	346	October 22, 2020
Help with collecting Custom Windows Event Logs with Elastic Agent Logs	1	1473	February 18, 2022
Get Windows Defender logs in Logstash using Winlogbeat Beats winlogbeat	2	1083	September 14, 2021
Integrate Microsoft Defender with Elastic Elastic Security	3	234	April 24, 2024
Elastic Agent Custom Windows Event Logs Beats winlogbeat	5	3207	June 15, 2022

Windows defender logs

Related topics