SOLVED

Log Collection without Defender for Endpoint

Hello,

I have a question: if I need to ingest the logs of an endpoint device without onboarding the machine to Defender, I have 2 options, Log Analytics Agent & MMA agent, but they do not get the logs in the form that Defender gets them, like the following tables (DeviceEvents, DeviceProcess, etc.).

How can I get these tables' logs without onboarding the device to Defender?

Thanks.

1 Reply
best response confirmed by Qusai_Ismail (Contributor)
Solution
Those tables are reserved for Defender, so you have to bring the data into other ones via the AMA or MMA.
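
As an added illustration of the accepted answer (not part of the original thread, and not Microsoft's own mapping): once the agent is collecting Windows Security events, a query can project them into column names that resemble the Defender process table. It assumes process-creation auditing (event 4688) is enabled and that the events land in the `SecurityEvent` table; the column mapping is an approximation chosen for this example.

```kusto
// Added example: shape agent-collected process-creation events
// so they resemble the Defender process-event columns.
// Assumptions: event 4688 is audited and collected into SecurityEvent;
// CommandLine is only populated when command-line auditing is enabled;
// ParentProcessName is only populated on newer Windows versions.
SecurityEvent
| where TimeGenerated > ago(1d)
| where EventID == 4688
// In 4688, ProcessId is the creator (parent) and NewProcessId is the child.
// Both are kept as the hex strings the event provides.
| extend CreatorPid = ProcessId,
         NewProc = parse_path(NewProcessName),
         ParentProc = parse_path(ParentProcessName)
| project
    Timestamp = TimeGenerated,
    DeviceName = Computer,
    ActionType = "ProcessCreated",
    FileName = tostring(NewProc.Filename),
    FolderPath = NewProcessName,              // full image path
    ProcessCommandLine = CommandLine,
    ProcessId = NewProcessId,
    AccountDomain = SubjectDomainName,
    AccountName = SubjectUserName,
    InitiatingProcessFileName = tostring(ParentProc.Filename),
    InitiatingProcessFolderPath = ParentProcessName,
    InitiatingProcessId = CreatorPid
```

Saving a query like this as a workspace function lets existing hunting queries be adapted with fewer changes, but the data stays in `SecurityEvent` and lacks the fields that only the Defender sensor records.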