Jun 02 2021 02:59 AM
Thanks in advance.
I can't see the Windows Defender logs (the system one) in Azure Sentinel.
In the agent configuration I have added the branch Microsoft-Windows-Windows Defender/Operational, as I do with Sysmon, but I don't see the events, for example when I disable online protection.
Can you think of what could be happening?
Thanks!!!
PS: Is there any query where I can verify the "schema" that I have configured in the Windows agents, apart from seeing it graphically?
All the best