Forum Discussion
Windows 10 Event Logs not appearing on Log Analytics Workspace
Hello, I have been trying to get the event logs from windows 10 devices to log analytics workspace at first. On the 'Agent Configuration' page under Log Analytics workspace, I have added Application...
Rod_Trent
Microsoft
MicrosoftSecurity and AppLocker events are collected by default. See https://cda.ms/2WP for the list.
Which Data Connector do you have enabled? The Windows Security Events or the Security Events data connector?
P.S. Depending on how many Windows 10 devices you have, enabling event log collection on all in your org on-premises will be expensive.
Which Data Connector do you have enabled? The Windows Security Events or the Security Events data connector?
P.S. Depending on how many Windows 10 devices you have, enabling event log collection on all in your org on-premises will be expensive.
Hi Rod,
Thank you for your response! Actually I did not enabled any connector on Sentinel. I thought there should be an option for Security Events under 'Agent Configuration' page in Log Analytics Workspace and as a result, the logs should be visible there. I have sentinel connected to this workspace as well. Let me just quickly enable it and test.
Thank you for your response! Actually I did not enabled any connector on Sentinel. I thought there should be an option for Security Events under 'Agent Configuration' page in Log Analytics Workspace and as a result, the logs should be visible there. I have sentinel connected to this workspace as well. Let me just quickly enable it and test.
- Rod_TrentSo, yes...you'll need to enable the Data Connector, but there's also an agent installation. The instructions for that are in the Data Connector pages.