Azure VM Defender AV log to Log Analytics

bombbe 1,466 Reputation points
2020-06-08T14:01:26.15+00:00

Hi,
I'm trying to get the Defender AV log from an Azure VM (2016) into Log Analytics, but I can't find the place where to configure it. When trying to add the Defender AV log from Log Analytics -> Advanced settings -> Windows Event Logs and typing "Windows Defender" or "Defender", I can't find the "Path" or a way to add it to the collected logs list. If I go to the VM and open Event Viewer >> Applications and Services Logs >> Microsoft >> Windows >> Windows Defender >> Operational, I can see that there are a lot of events.

I also tried searching the "SecurityEvent" table for Defender AV IDs but could not find a single event. Any tips on how to get that info into the workspace?

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.

Answer accepted by question author
  1. Anonymous
    2020-06-08T14:06:00.62+00:00

    May want to ask this one over here in dedicated forums.

    https://social.technet.microsoft.com/Forums/en-US/home?forum=WindowsDefenderATPPreview

    --please don't forget to Accept as answer if the reply is helpful--


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

