Log Analytics Windows Security Logs

Category: azure operational insights

Question

LukeUhren on Wed, 05 Feb 2020 15:37:10


I am wondering if someone can clear this up for me. Currently, when I go into advanced settings > Data > Windows Event Logs in the Azure Log Analytics workspace for any of my current tenants, I do not see that you can collect the Security log itself from Windows. I just see others that are not the actual Security log I want. Is this possible to collect, or is this being collected by default and I am not noticing?

I see something about a Security and Audit log solution being needed, and that Microsoft doesn't offer collecting Security logs in OMS? Is this true? https://techcommunity.microsoft.com/t5/azure-log-analytics/oms-query-for-ad-login-and-log-offs/m-p/162689#

If I look here, I do not see Security logs mentioned: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events

And a screenshot here as well, obviously not showing up in the search options to add for collection.



Any clarification on this would be appreciated.

Replies

LukeUhren on Wed, 05 Feb 2020 15:43:58


I think I may have found where you enable it, here in Azure Security Center: https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection#data-collection-tier