Forum Discussion
AndrewX
Jun 01, 2019 (Iron Contributor)
WEF forwarding to Azure Security Centre / Log Analytics
Hello - I am hoping this is possible and a viable option.
I currently use Windows Event Forwarding (WEF) with Winlogbeat sending events off to Elasticsearch. Epic, this works great, why would i...
- Jun 16, 2019
WEF support is currently in preview and still has some limitations. Contact me directly if you would like to join, and we can discuss whether the current support would work for you.
As an alternative, you can continue to use CEF and Winlogbeat and connect it to Sentinel using Logstash and the Logstash Log Analytics output plugin.
~ Ofer
Hannes_LG
Jun 03, 2019 (Brass Contributor)
Hi,
WEF isn’t supported at the moment.
A possible workaround is to write a custom PowerShell event handler and send the information periodically to Log Analytics.
I’ve created a similar solution for a NetApp filer in the past.
Regards,
Hannes
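One way the workaround described in the reply above could look, as an added example that is not part of the original post or Hannes's own solution: a script meant to run on a schedule on the WEF collector, reading new records from the `ForwardedEvents` log and posting them to the Log Analytics HTTP Data Collector API. The workspace ID placeholder, the `LA_SHARED_KEY` environment variable, the `WefForwardedEvents` log type and the bookmark file path are assumptions made for illustration.

```powershell
# Assumptions (not from the thread): the collector's ForwardedEvents log, the Log Analytics
# HTTP Data Collector API, a hypothetical custom log type and a hypothetical bookmark file.
$WorkspaceId = '<workspace-id>'                        # placeholder
$SharedKey   = $env:LA_SHARED_KEY                      # hypothetical env var; keeps the key out of the script
$LogType     = 'WefForwardedEvents'                    # hypothetical; appears as WefForwardedEvents_CL
$StateFile   = 'C:\ProgramData\WefToLa\last-record.txt' # hypothetical; the folder must already exist

function Get-LaSignature {
    param([string]$Date, [int]$ContentLength)
    # SharedKey scheme: HMAC-SHA256 over method, body length, content type, date header and resource
    $stringToSign = "POST`n$ContentLength`napplication/json`nx-ms-date:$Date`n/api/logs"
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = [Convert]::FromBase64String($SharedKey)
    $hash = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
    "SharedKey ${WorkspaceId}:$([Convert]::ToBase64String($hash))"
}

function Send-LaBatch {
    param([object[]]$Records)
    $body = [Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject $Records -Depth 4))
    $date = [DateTime]::UtcNow.ToString('r')
    $headers = @{
        'Authorization'        = Get-LaSignature -Date $date -ContentLength $body.Length
        'Log-Type'             = $LogType
        'x-ms-date'            = $date
        'time-generated-field' = 'TimeCreated'
    }
    $uri = "https://$WorkspaceId.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    Invoke-RestMethod -Uri $uri -Method Post -ContentType 'application/json' -Headers $headers -Body $body
}

# Resume after the last record sent, so a scheduled run neither drops nor re-sends events.
# Record IDs restart if the log is cleared; delete the bookmark file when that happens.
$last   = if (Test-Path $StateFile) { [long](Get-Content $StateFile) } else { 0 }
$events = Get-WinEvent -LogName ForwardedEvents -FilterXPath "*[System[EventRecordID > $last]]" `
              -MaxEvents 500 -Oldest -ErrorAction SilentlyContinue
if ($events) {
    $records = foreach ($e in $events) {
        [pscustomobject]@{
            TimeCreated = $e.TimeCreated.ToUniversalTime().ToString('o')
            Computer    = $e.MachineName               # originating host of the forwarded event
            EventId     = $e.Id
            RecordId    = $e.RecordId
            EventXml    = $e.ToXml()
        }
    }
    try {
        Send-LaBatch -Records $records
        Set-Content -Path $StateFile -Value $events[-1].RecordId   # advance only after a successful upload
    } catch { Write-Error "Upload failed, bookmark not advanced: $_" }
}
```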