Forum Discussion
How to enable collection Process command line for windows server
I tried to search for “process command line” detail in Window event ID 4688 via Sentinel. However, it seems that Sentinel is not recording the “process command line” log. How can I enable the colle...
How do I enable CommandLine entries?
You should need to, how are you bringing these in, do you use MMA or AMA (maybe AMA is excluding the columns you need in the DCR?)
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/testing-the-new-version-of-the-windows-security-events-connector/ba-p/2483369
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/testing-the-new-version-of-the-windows-security-events-connector/ba-p/2483369