Azure Monitor - Security Logs to Log Analytics

Sumeetha Mogasati 126 Reputation points
2022-03-25T10:46:01.547+00:00

Hi,

The solution requirement is to store Audit Logs (Security logs) from the Azure Monitor in Azure Log Analytics.

After installing an agent for Azure Monitor and checking the collected logs, it is understood that Security logs are not captured/collected. Azure processes Security Logs through satellite or Windows Defender. It is feasible to process the logs locally on the file server but requires a 3rd party application, which involves cost, licensing, etc.

Currently, there is no native support from Azure Monitor for Security Logs.

Help would be appreciated in meeting the above requirements natively, without using any 3rd party services.

Thanks,


Accepted answer

Andrew Blumhardt 10,051 Reputation points Microsoft Employee
2022-03-25T15:10:59.227+00:00

Log Analytics does not support Windows security event log collection (when using the MMA agent). It is not listed in the custom event log collection list, at least not using the MMA agent directly. You need to use Defender for Cloud or Sentinel for security event collection. Though it appears that the new Data Collection Rules used with the new AMA agent do allow security event collection as well.

1 person found this answer helpful.
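The Data Collection Rule route mentioned in the answer, as an added example that is not part of the thread and not Microsoft's own sample: a bash script that writes a DCR definition sending Windows Security event log entries to a Log Analytics workspace through the Azure Monitor Agent, then creates the rule and associates it with a VM using the az CLI. Assumptions: the workspace has Microsoft Sentinel or Defender for Cloud enabled so that the `Microsoft-SecurityEvent` stream (which lands in the `SecurityEvent` table) is accepted, the `monitor-control-service` CLI extension is installed, AMA is already on the VM, and the `<...>` resource ids are placeholders you replace. The XPath filter keeping event IDs 4624, 4625 and 4688 (logon success, logon failure, process creation) is a constructed starting point; `Security!*` collects the whole log.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Builds a Data Collection Rule (DCR) that
# forwards Windows Security events to Log Analytics via the Azure Monitor Agent.
# Assumes: Sentinel or Defender for Cloud is enabled on the workspace (needed for
# the Microsoft-SecurityEvent stream), az has the monitor-control-service
# extension, and AMA is installed on the target VM. Ids in <...> are placeholders.
set -euo pipefail

# Write the DCR JSON for workspace resource id $1 to file $2 in region $3.
# Both dataSources and dataFlows must reference the same stream name.
write_dcr_rule_file() {
  local workspace_id="$1" out="$2" location="${3:-eastus}"
  cat > "$out" <<EOF
{
  "location": "$location",
  "properties": {
    "dataSources": {
      "windowsEventLogs": [
        {
          "name": "securityEvents",
          "streams": [ "Microsoft-SecurityEvent" ],
          "xPathQueries": [ "Security!*[System[(EventID=4624 or EventID=4625 or EventID=4688)]]" ]
        }
      ]
    },
    "destinations": {
      "logAnalytics": [
        { "name": "laDest", "workspaceResourceId": "$workspace_id" }
      ]
    },
    "dataFlows": [
      { "streams": [ "Microsoft-SecurityEvent" ], "destinations": [ "laDest" ] }
    ]
  }
}
EOF
  echo "$out"
}

# Sanity check before submitting: the stream must appear exactly twice
# (once as a data source, once in the data flow), otherwise nothing is routed.
count_security_stream_refs() {
  grep -c '"Microsoft-SecurityEvent"' "$1"
}

# Create the rule in resource group $1 with name $2 from file $3 and associate
# it with the VM whose resource id is $4. Requires an authenticated az session.
apply_dcr() {
  local rg="$1" rule_name="$2" rule_file="$3" vm_id="$4"
  az monitor data-collection rule create \
    --resource-group "$rg" --name "$rule_name" --rule-file "$rule_file"
  local rule_id
  rule_id=$(az monitor data-collection rule show \
    --resource-group "$rg" --name "$rule_name" --query id -o tsv)
  az monitor data-collection rule association create \
    --name "${rule_name}-assoc" --rule-id "$rule_id" --resource "$vm_id"
}

# Stand-alone run: write the file with placeholder ids; pass --apply to submit it.
RULE_FILE="${TMPDIR:-/tmp}/security-dcr.json"
write_dcr_rule_file \
  "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.OperationalInsights/workspaces/<workspace>" \
  "$RULE_FILE" >/dev/null
echo "DCR definition written to $RULE_FILE ($(count_security_stream_refs "$RULE_FILE") stream references)"
if [ "${1:-}" = "--apply" ]; then
  apply_dcr "<rg>" "security-events-dcr" "$RULE_FILE" "<vm-resource-id>"
fi
```

Once the association exists, AMA applies the rule within a few minutes and rows appear in the `SecurityEvent` table; a quick KQL check is `SecurityEvent | where EventID in (4624, 4625, 4688) | summarize count() by EventID`. Keep the XPath filter narrow on busy servers, since every collected event is billed as ingested data.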
