LukeUhren on Wed, 05 Feb 2020 15:37:10
I am wondering if someone can clear this up for me or not. Currently when I go into advanced settings > Data > Windows Event Logs in the Azure Log Analytics workspace for any of my current tenants I do not see you can collect Security log itself from windows. I just see others that are not the actual Security log I want. Is this possible to collect, or is this being collected by default and I am not noticing?
I see something about a Security and Audit log solution needed and Microsoft doesn't offer collecting Security logs in OMS? Is this true? https://techcommunity.microsoft.com/t5/azure-log-analytics/oms-query-for-ad-login-and-log-offs/m-p/162689#
As if I look here, I do not see Security logs are mentioned https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
And screen shot here as well obviously not showing up in the search options to add for collection
Any clarification on this would be appreciated
LukeUhren on Wed, 05 Feb 2020 15:43:58
I think I may have found it where you enable it here in Azure Security Center https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection#data-collection-tier