bombbe asked ·

Azure VM Defender AV log to Log Analytics

Hi,
I'm trying to get the Defender AV log from an Azure VM (2016) to Log Analytics but I can't find the place where to configure it. When trying to add the Defender AV log from Log Analytics -> Advanced settings -> Windows Event Logs -> and typing "Windows Defender" or "Defender", I can't find the "Path" or a way to add that to the collected logs list. If I go to the VM and go to Event Viewer >> Applications and Services Logs >> Microsoft >> Windows >> Windows Defender >> Operational, I can see that there are a lot of events.

I also tried searching the "SecurityEvent" table with Defender AV IDs but could not find a single event. Any tips on how to get that info into the workspace?

azure-virtual-machines azure-virtual-machines-monitoring

1 Answer

DSPatrick answered ·

May want to ask this one over here in dedicated forums.

https://social.technet.microsoft.com/Forums/en-US/home?forum=WindowsDefenderATPPreview


--please don't forget to Accept as answer if the reply is helpful--


Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management


Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.



2 comments

Hi, thanks. I will try that.


You're welcome.

