Forum Discussion
Microsoft Defender for Identity logs to syslog server
i had configured MDI to send logs to my syslog server. i gave its port number, nominated sensor, all the necessary details, and used test configuration to see if a test log reached my syslog server....
Hi, have all the logs been activated?
https://learn.microsoft.com/en-us/defender-for-identity/deploy/configure-windows-event-collection
if these audit logs are activated,
will logs regarding actions taken by Identity module start reaching syslog?
Question is from where WE can fetch logs that are related to the actions taken by MDI.
Also, collecting alerts from Microsoft Security graph API is a better option or the above is?