Azure VM Defender AV log to Log Analytics

Question

question

bombbe asked Jun 8, '20 DSPatrick commented Jun 8, '20

Azure VM Defender AV log to Log Analytics

Hi,
I'm trying to get Defender AV log from Azure VM (2016) to log analytics but I can't find play where configure it. When trying to add Defender AV log from Log Anaytics -> Advanced settings -> Windows Event Logs -> and type "Windows Defender" or "Defender" I can't find the "Path" or ways to add that to the collected logs list . If i go to VM and go to Event Event Viewer >> Applications and Services Logs >> Microsoft >> Windows >> Windows Defender >> Operational I can see that there all a lot of events.

I tried also searched "SecurityEvent" table with Defender AV IDs but could not found a single event. Any tips how to get those infos into workspace?

azure-virtual-machines azure-virtual-machines-monitoring

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 1 · 2020-06-08T14:06:00.62Z

DSPatrick answered Jun 8, '20 DSPatrick commented Jun 8, '20

May want to ask this one over here in dedicated forums.

https://social.technet.microsoft.com/Forums/en-US/home?forum=WindowsDefenderATPPreview

--please don't forget to Accept as answer if the reply is helpful--

Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

· 2

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

bombbe · Jun 08, 2020 at 02:07 PM

Hi, thanks. I will try that.

0 ·

DSPatrick bombbe · Jun 08, 2020 at 02:08 PM

You're welcome.

0 ·

question