Windows agent not sending Security Events

AndrewX · ‎Jun 01 2021

Hey, I have a handful of agents to deployed to various Windows machines, but one (or a couple) are happily sending heartbeats, System and Application logs, but NOT the Security log?

Any ideas?

Seshadrr · ‎Jun 02 2021

The Security Log, in Microsoft Windows, is a log that contains records of login/logout activity or other security-related events specified by the system's audit policy. Auditing allows administrators to configure Windows to record operating system activity in the Security Log.

Azure Security: If you have VM hosted in On-Prem or Azure env, the necessary agent deployed to be monitor the Insights and other security events to capture through Azure Security Center where you have package which includes Azure defender plan https://azure.microsoft.com/en-us/pricing/details/azure-defender/

Please explore this Security Center to have monitor all real time threads, exploits and suspicious traffic etc

AndrewX · ‎Jun 02 2021

Thanks for your reply and thoughts. I may have not been clear so let me put it another way.

I have installed the agent on servers A, B and C. I see windows security events ingested into the SecurityEvent table in Azure Log Analytics for Servers A & B, but not C.

A&B are server 2012r2, server C is 2019 core.

Could it be that the Azure Agent doesn't have access to read the security log?

Windows agent not sending Security Events

Windows agent not sending Security Events

Re: Windows agent not sending Security Events

Re: Windows agent not sending Security Events

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Windows agent not sending Security Events

Windows agent not sending Security Events

Re: Windows agent not sending Security Events

Re: Windows agent not sending Security Events