Is there any way I can ship Windows Defender events to Elasticsearch? I cannot see any Windows Defender related events in Elasticsearch. Can anyone help me with this?
I think you need to add a reader for the Windows Defender channel.
winlogbeat.event_logs:
  - name: Microsoft-Windows-Windows Defender/Operational
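Before changing the Winlogbeat configuration, it is worth confirming on the Windows host that the Defender channel actually exists, is enabled and contains records, and that the Winlogbeat service is running with that channel configured. The following PowerShell check is an added example, not from the original thread or from Elastic; the service name `winlogbeat` and the install path under `C:\Program Files\Winlogbeat` are assumptions that match a default install and may differ on your system.

```powershell
# Added diagnostic for "no Windows Defender events in Elasticsearch" (not from the thread).
# Run in an elevated PowerShell session on the host where Winlogbeat is installed.

$channel = 'Microsoft-Windows-Windows Defender/Operational'

# 1. Confirm the channel exists, is enabled, and has records to ship.
#    If IsEnabled is False or RecordCount is 0, Winlogbeat has nothing to read.
$log = Get-WinEvent -ListLog $channel -ErrorAction Stop
'{0}: enabled={1} records={2}' -f $log.LogName, $log.IsEnabled, $log.RecordCount

# 2. Show the most recent Defender events so you know what should appear in Elasticsearch
#    (event IDs such as scan and detection events are in this channel).
Get-WinEvent -LogName $channel -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, ProviderName |
    Format-Table -AutoSize

# 3. Check that the Winlogbeat service is running (service name assumed to be 'winlogbeat').
Get-Service -Name 'winlogbeat' -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType

# 4. Confirm the channel name is present in the active winlogbeat.yml (path assumed).
$config = 'C:\Program Files\Winlogbeat\winlogbeat.yml'
Select-String -Path $config -Pattern 'Windows Defender' -SimpleMatch
```

If step 1 fails or reports zero records, the problem is on the Windows side rather than in Winlogbeat; if step 4 finds no match, the `event_logs` entry was not added to the configuration file the service actually loads, and the service must be restarted after editing it.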
@andrewkroh thanks. I tried that but no luck.