Forum Discussion

PawelB1645's avatar
PawelB1645
Copper Contributor
Oct 07, 2021

Adding Windows Srecurity Logs into Azure sentinel

Hello,

I wanted to add a the windows security log into ingestion but it cannot be done:

although, no security events are sent into my sentinel by default:

 

The events with the ID 4625 are of course created:

 

What could I do?

 

Best regards

  • Security Logs are collected via a different route, see the "Security Events" data connector, in the Sentinel portal, or "Windows Security Events (Preview). These specific logs are then written to the SecuityEvent table, rather than the Events table.
  • Security Logs are collected via a different route, see the "Security Events" data connector, in the Sentinel portal, or "Windows Security Events (Preview). These specific logs are then written to the SecuityEvent table, rather than the Events table.
    • PawelB1645's avatar
      PawelB1645
      Copper Contributor

      CliveWatson 

      Thank you. I had the the security Windows security Events(preview) conector instead of the SecurityEvents

Resources