Windows defender logs

How can I get logs from Windows Defender into Elasticsearch?

The logs are in Event Viewer -> Applications and Services Logs ->
Microsoft -> Windows -> Windows Defender -> Operational

Kind regards

Forgot to write: I use version 8.8.1 and the servers are on-premises.

Hi, you need to create a policy and add the Custom Windows event logs integration. And enter the Microsoft-Windows-Windows Defender/Operational channel to collect the logs you want.

You can get a list of available event log channels by running Get-WinEvent -ListLog * | Format-List -Property LogName in PowerShell on Windows Vista or newer. If Get-WinEvent is not available, Get-EventLog * may be used.
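As an added example (not part of the thread), this PowerShell checks, on the Windows server itself, that the channel name you enter into the Custom Windows event logs integration exists and is enabled, and shows what event IDs it actually contains. It assumes an elevated PowerShell session on the server; the channel string is the one given in the answer above.

```powershell
# Added example: verify the Defender channel before configuring the integration.
# Event Viewer shows a folder path (Microsoft > Windows > Windows Defender > Operational);
# the integration needs the channel name string, not that display path.
$Channel = 'Microsoft-Windows-Windows Defender/Operational'

# 1. Resolve the channel and report whether it is enabled and how many records it holds.
$log = Get-WinEvent -ListLog $Channel -ErrorAction Stop
$log | Format-List -Property LogName, IsEnabled, RecordCount, LogMode, MaximumSizeInBytes

if (-not $log.IsEnabled) {
    Write-Warning "Channel '$Channel' is disabled; nothing will be collected until it is enabled."
}

# 2. List every Defender-related channel, in case the name differs on this build.
Get-WinEvent -ListLog 'Microsoft-Windows-Windows Defender*' |
    Select-Object LogName, IsEnabled, RecordCount |
    Format-Table -AutoSize

# 3. Summarise which event IDs the channel contains (last 500 events), so you know
#    what will land in Elasticsearch and what to build detections on.
Get-WinEvent -LogName $Channel -MaxEvents 500 |
    Group-Object -Property Id |
    Sort-Object -Property Count -Descending |
    Select-Object @{ Name = 'EventId'; Expression = { $_.Name } }, Count |
    Format-Table -AutoSize

# 4. Peek at the most recent events, first line of the message only.
Get-WinEvent -LogName $Channel -MaxEvents 10 |
    Select-Object TimeCreated, Id, LevelDisplayName,
        @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize
```

If step 1 throws, the channel name is misspelled or the log does not exist on that host; fix it here before entering it in the integration.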

(I haven't seen that integration.)

Regards Carsten
